From: Christian Brauner <brauner@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: Christian Brauner <brauner@kernel.org>,
Seth Forshee <sforshee@kernel.org>,
Christoph Hellwig <hch@lst.de>, Al Viro <viro@zeniv.linux.org.uk>,
Miklos Szeredi <miklos@szeredi.hu>,
Amir Goldstein <amir73il@gmail.com>,
linux-unionfs@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: [PATCH v2 27/30] ovl: use stub posix acl handlers
Date: Mon, 26 Sep 2022 16:08:24 +0200 [thread overview]
Message-ID: <20220926140827.142806-28-brauner@kernel.org> (raw)
In-Reply-To: <20220926140827.142806-1-brauner@kernel.org>
Now that ovl supports the get and set acl inode operations and the vfs
has been switched to the new posi api, ovl can simply rely on the stub
posix acl handlers. The custom xattr handlers and associated unused
helpers can be removed.
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
Notes:
/* v2 */
unchanged
fs/overlayfs/super.c | 101 ++-----------------------------------------
1 file changed, 4 insertions(+), 97 deletions(-)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 8a13319db1d3..0c7ae79b10b1 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -998,83 +998,6 @@ static unsigned int ovl_split_lowerdirs(char *str)
return ctr;
}
-static int __maybe_unused
-ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
- struct dentry *dentry, struct inode *inode,
- const char *name, void *buffer, size_t size)
-{
- return ovl_xattr_get(dentry, inode, handler->name, buffer, size);
-}
-
-static int __maybe_unused
-ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
- struct user_namespace *mnt_userns,
- struct dentry *dentry, struct inode *inode,
- const char *name, const void *value,
- size_t size, int flags)
-{
- struct dentry *workdir = ovl_workdir(dentry);
- struct inode *realinode = ovl_inode_real(inode);
- struct posix_acl *acl = NULL;
- int err;
-
- /* Check that everything is OK before copy-up */
- if (value) {
- /* The above comment can be understood in two ways:
- *
- * 1. We just want to check whether the basic POSIX ACL format
- * is ok. For example, if the header is correct and the size
- * is sane.
- * 2. We want to know whether the ACL_{GROUP,USER} entries can
- * be mapped according to the underlying filesystem.
- *
- * Currently, we only check 1. If we wanted to check 2. we
- * would need to pass the mnt_userns and the fs_userns of the
- * underlying filesystem. But frankly, I think checking 1. is
- * enough to start the copy-up.
- */
- acl = vfs_set_acl_prepare(&init_user_ns, &init_user_ns, value, size);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- }
- err = -EOPNOTSUPP;
- if (!IS_POSIXACL(d_inode(workdir)))
- goto out_acl_release;
- if (!realinode->i_op->set_acl)
- goto out_acl_release;
- if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
- err = acl ? -EACCES : 0;
- goto out_acl_release;
- }
- err = -EPERM;
- if (!inode_owner_or_capable(&init_user_ns, inode))
- goto out_acl_release;
-
- posix_acl_release(acl);
-
- /*
- * Check if sgid bit needs to be cleared (actual setacl operation will
- * be done with mounter's capabilities and so that won't do it for us).
- */
- if (unlikely(inode->i_mode & S_ISGID) &&
- handler->flags == ACL_TYPE_ACCESS &&
- !in_group_p(inode->i_gid) &&
- !capable_wrt_inode_uidgid(&init_user_ns, inode, CAP_FSETID)) {
- struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
-
- err = ovl_setattr(&init_user_ns, dentry, &iattr);
- if (err)
- return err;
- }
-
- err = ovl_xattr_set(dentry, inode, handler->name, value, size, flags);
- return err;
-
-out_acl_release:
- posix_acl_release(acl);
- return err;
-}
-
static int ovl_own_xattr_get(const struct xattr_handler *handler,
struct dentry *dentry, struct inode *inode,
const char *name, void *buffer, size_t size)
@@ -1107,22 +1030,6 @@ static int ovl_other_xattr_set(const struct xattr_handler *handler,
return ovl_xattr_set(dentry, inode, name, value, size, flags);
}
-static const struct xattr_handler __maybe_unused
-ovl_posix_acl_access_xattr_handler = {
- .name = XATTR_NAME_POSIX_ACL_ACCESS,
- .flags = ACL_TYPE_ACCESS,
- .get = ovl_posix_acl_xattr_get,
- .set = ovl_posix_acl_xattr_set,
-};
-
-static const struct xattr_handler __maybe_unused
-ovl_posix_acl_default_xattr_handler = {
- .name = XATTR_NAME_POSIX_ACL_DEFAULT,
- .flags = ACL_TYPE_DEFAULT,
- .get = ovl_posix_acl_xattr_get,
- .set = ovl_posix_acl_xattr_set,
-};
-
static const struct xattr_handler ovl_own_trusted_xattr_handler = {
.prefix = OVL_XATTR_TRUSTED_PREFIX,
.get = ovl_own_xattr_get,
@@ -1143,8 +1050,8 @@ static const struct xattr_handler ovl_other_xattr_handler = {
static const struct xattr_handler *ovl_trusted_xattr_handlers[] = {
#ifdef CONFIG_FS_POSIX_ACL
- &ovl_posix_acl_access_xattr_handler,
- &ovl_posix_acl_default_xattr_handler,
+ &posix_acl_access_xattr_handler,
+ &posix_acl_default_xattr_handler,
#endif
&ovl_own_trusted_xattr_handler,
&ovl_other_xattr_handler,
@@ -1153,8 +1060,8 @@ static const struct xattr_handler *ovl_trusted_xattr_handlers[] = {
static const struct xattr_handler *ovl_user_xattr_handlers[] = {
#ifdef CONFIG_FS_POSIX_ACL
- &ovl_posix_acl_access_xattr_handler,
- &ovl_posix_acl_default_xattr_handler,
+ &posix_acl_access_xattr_handler,
+ &posix_acl_default_xattr_handler,
#endif
&ovl_own_user_xattr_handler,
&ovl_other_xattr_handler,
--
2.34.1
next prev parent reply other threads:[~2022-09-26 15:26 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-26 14:07 [PATCH v2 00/30] acl: add vfs posix acl api Christian Brauner
2022-09-26 14:07 ` [PATCH v2 01/30] orangefs: rework posix acl handling when creating new filesystem objects Christian Brauner
2022-09-26 14:07 ` [PATCH v2 02/30] fs: pass dentry to set acl method Christian Brauner
2022-09-26 14:08 ` [PATCH v2 03/30] fs: rename current get " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 04/30] fs: add new " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 05/30] cifs: implement " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 06/30] cifs: implement set " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 07/30] 9p: implement get " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 08/30] 9p: implement set " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 09/30] acl: add vfs_set_acl() Christian Brauner
2022-09-26 14:08 ` [PATCH v2 10/30] security: add set acl hook Christian Brauner
2022-09-27 22:55 ` Paul Moore
2022-09-26 14:08 ` [PATCH v2 11/30] selinux: implement " Christian Brauner
2022-09-27 22:55 ` Paul Moore
2022-09-26 14:08 ` [PATCH v2 12/30] smack: " Christian Brauner
2022-09-27 22:56 ` Paul Moore
2022-09-27 23:15 ` Casey Schaufler
2022-09-26 14:08 ` [PATCH v2 13/30] evm: " Christian Brauner
2022-09-27 22:56 ` Paul Moore
2022-09-26 14:08 ` [PATCH v2 14/30] acl: use " Christian Brauner
2022-09-27 22:56 ` Paul Moore
2022-09-26 14:08 ` [PATCH v2 15/30] evm: add post " Christian Brauner
2022-09-27 22:56 ` Paul Moore
2022-09-26 14:08 ` [PATCH v2 16/30] acl: add vfs_get_acl() Christian Brauner
2022-09-27 22:55 ` Paul Moore
2022-09-28 7:40 ` Christian Brauner
2022-09-28 14:58 ` Paul Moore
2022-09-28 15:12 ` Christian Brauner
2022-09-28 15:27 ` Paul Moore
2022-09-26 14:08 ` [PATCH v2 17/30] acl: add vfs_remove_acl() Christian Brauner
2022-09-27 22:55 ` Paul Moore
2022-09-28 7:41 ` Christian Brauner
2022-09-26 14:08 ` [PATCH v2 18/30] evm: simplify evm_xattr_acl_change() Christian Brauner
2022-09-27 22:56 ` Paul Moore
2022-09-28 13:31 ` Christian Brauner
2022-09-26 14:08 ` [PATCH v2 19/30] ksmbd: use vfs_remove_acl() Christian Brauner
2022-09-26 14:08 ` [PATCH v2 20/30] ecryptfs: implement get acl method Christian Brauner
2022-09-26 14:08 ` [PATCH v2 21/30] ecryptfs: implement set " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 22/30] ovl: implement get " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 23/30] ovl: implement set " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 24/30] ovl: use posix acl api Christian Brauner
2022-09-26 14:08 ` [PATCH v2 25/30] xattr: " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 26/30] ecryptfs: use stub posix acl handlers Christian Brauner
2022-09-26 14:08 ` Christian Brauner [this message]
2022-09-26 14:08 ` [PATCH v2 28/30] cifs: " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 29/30] 9p: " Christian Brauner
2022-09-26 14:08 ` [PATCH v2 30/30] acl: remove a slew of now unused helpers Christian Brauner
2022-09-27 0:22 ` [PATCH v2 00/30] acl: add vfs posix acl api Casey Schaufler
2022-09-27 7:41 ` Christoph Hellwig
2022-09-27 7:59 ` Christian Brauner
2022-09-27 14:11 ` Casey Schaufler
2022-09-27 15:16 ` Seth Forshee
2022-09-27 15:55 ` Casey Schaufler
2022-09-27 23:24 ` Paul Moore
2022-09-27 23:37 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220926140827.142806-28-brauner@kernel.org \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=sforshee@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).