From: "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com>
To: "Aneesh Kumar K. V" <aneesh.kumar@linux.vnet.ibm.com>
Cc: v9fs-developer@lists.sourceforge.net, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH-V2] [fs/9P] Add posixacl mount option
Date: Thu, 27 Jan 2011 12:09:47 -0800 [thread overview]
Message-ID: <4D41D10B.8060809@linux.vnet.ibm.com> (raw)
In-Reply-To: <87lj26xve4.fsf@linux.vnet.ibm.com>
On 1/27/2011 6:40 AM, Aneesh Kumar K. V wrote:
> On Wed, 26 Jan 2011 22:55:28 -0800, "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com> wrote:
>> The mount option access=client is overloaded as it assumes acl too.
>> Adding posixacl option to enable POSIX ACLs makes it explicit and clear.
>> Also it is convenient in the future to add other types of acls like richacls.
>>
>> Ideally, the access mode 'client' should be just like V9FS_ACCESS_USER
>> except it underscores the location of access check.
>> Traditional 9P protocol lets the server perform access checks but with
>> this mode, all the access checks will be performed on the client itself.
>> Server just follows the client's directive.
>>
>> Changes from V1
>> --------------
>> - Changed the option to -o posixacl and corresponding changes.
>> - Corrected if conditions in acl.c
>>
>> Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
>> ---
>> fs/9p/acl.c | 8 +++++---
>> fs/9p/v9fs.c | 24 +++++++++++++++++-------
>> fs/9p/v9fs.h | 6 +++++-
>> fs/9p/vfs_super.c | 2 +-
>> 4 files changed, 28 insertions(+), 12 deletions(-)
>>
>> diff --git a/fs/9p/acl.c b/fs/9p/acl.c
>> index 0a2e480..1ee3434 100644
>> --- a/fs/9p/acl.c
>> +++ b/fs/9p/acl.c
>> @@ -59,7 +59,8 @@ int v9fs_get_acl(struct inode *inode, struct p9_fid *fid)
>> struct v9fs_session_info *v9ses;
>>
>> v9ses = v9fs_inode2v9ses(inode);
>> - if ((v9ses->flags & V9FS_ACCESS_MASK) != V9FS_ACCESS_CLIENT) {
>> + if (((v9ses->flags & V9FS_ACCESS_MASK) != V9FS_ACCESS_CLIENT) ||
>> + ((v9ses->flags & V9FS_ACL_MASK) != V9FS_POSIX_ACL)) {
>> set_cached_acl(inode, ACL_TYPE_DEFAULT, NULL);
>> set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
>> return 0;
>> @@ -104,9 +105,10 @@ int v9fs_check_acl(struct inode *inode, int mask, unsigned int flags)
>> return -ECHILD;
>>
>> v9ses = v9fs_inode2v9ses(inode);
>> - if ((v9ses->flags & V9FS_ACCESS_MASK) != V9FS_ACCESS_CLIENT) {
>> + if (((v9ses->flags & V9FS_ACCESS_MASK) != V9FS_ACCESS_CLIENT) ||
>> + ((v9ses->flags & V9FS_ACL_MASK) !=
>> V9FS_POSIX_ACL)) {
>
> check_acl should be called only if IS_POSIXACL(inode) is true. So do we
> really need this check ?. Even the original change is not needed i guess.
May be not; if we need it to be deleted let us have another patch.
>
>> /*
>> - * On access = client mode get the acl
>> + * On access = client and acl = on mode get the acl
>> * values from the server
>> */
>> return 0;
>> diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c
>> index d34f293..7823a7c 100644
>> --- a/fs/9p/v9fs.c
>> +++ b/fs/9p/v9fs.c
>> @@ -55,7 +55,7 @@ enum {
>> /* Cache options */
>> Opt_cache_loose, Opt_fscache,
>> /* Access options */
>> - Opt_access,
>> + Opt_access, Opt_posixacl,
>> /* Error token */
>> Opt_err
>> };
>> @@ -73,6 +73,7 @@ static const match_table_t tokens = {
>> {Opt_fscache, "fscache"},
>> {Opt_cachetag, "cachetag=%s"},
>> {Opt_access, "access=%s"},
>> + {Opt_posixacl, "posixacl"},
>> {Opt_err, NULL}
>> };
>>
>> @@ -194,13 +195,7 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
>> else if (strcmp(s, "any") == 0)
>> v9ses->flags |= V9FS_ACCESS_ANY;
>> else if (strcmp(s, "client") == 0) {
>> -#ifdef CONFIG_9P_FS_POSIX_ACL
>> v9ses->flags |= V9FS_ACCESS_CLIENT;
>> -#else
>> - P9_DPRINTK(P9_DEBUG_ERROR,
>> - "Not defined CONFIG_9P_FS_POSIX_ACL. "
>> - "Ignoring access=client option\n");
>> -#endif
>> } else {
>> v9ses->flags |= V9FS_ACCESS_SINGLE;
>> v9ses->uid = simple_strtoul(s, &e, 10);
>> @@ -210,6 +205,16 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
>> kfree(s);
>> break;
>>
>> + case Opt_posixacl:
>> +#ifdef CONFIG_9P_FS_POSIX_ACL
>> + v9ses->flags |= V9FS_POSIX_ACL;
>> +#else
>> + P9_DPRINTK(P9_DEBUG_ERROR,
>> + "Not defined CONFIG_9P_FS_POSIX_ACL. "
>> + "Ignoring posixacl option\n");
>> +#endif
>
> We should also ensure that -o posixacl is only allowed with
> access=client.
>
>> + break;
>> +
>> default:
>> continue;
>> }
>> @@ -294,6 +299,11 @@ struct p9_fid *v9fs_session_init(struct v9fs_session_info *v9ses,
>> */
>> v9ses->flags &= ~V9FS_ACCESS_MASK;
>> v9ses->flags |= V9FS_ACCESS_USER;
>> + /*
>> + * We support ACL checks on clinet only if the protocol is
>> + * 9P2000.L and access is V9FS_ACCESS_CLIENT.
>> + */
>> + v9ses->flags &= ~V9FS_ACL_MASK;
>> }
>
> That is this need update,
> access=user -o posixacl with dotu should not be allowed.
Hrm.. that would make sense.. I can add a check here.
>
>
>> /*FIXME !! */
>> /* for legacy mode, fall back to V9FS_ACCESS_ANY */
>> diff --git a/fs/9p/v9fs.h b/fs/9p/v9fs.h
>> index c4b5d88..b776a2c 100644
>> --- a/fs/9p/v9fs.h
>> +++ b/fs/9p/v9fs.h
>> @@ -28,8 +28,10 @@
>> * @V9FS_PROTO_2000L: whether or not to use 9P2000.l extensions
>> * @V9FS_ACCESS_SINGLE: only the mounting user can access the hierarchy
>> * @V9FS_ACCESS_USER: a new attach will be issued for every user (default)
>> + * @V9FS_ACCESS_CLIENT: Just like user, but access check is performed on client.
>> * @V9FS_ACCESS_ANY: use a single attach for all users
>> * @V9FS_ACCESS_MASK: bit mask of different ACCESS options
>> + * @V9FS_ACL_ON: If ACLs are enforced
>
> V9FS_POSIX_ACL ^^ that should be
Good catch.
Thanks,
JV
>
>
>> *
>> * Session flags reflect options selected by users at mount time
>> */
>> @@ -37,13 +39,15 @@
>> V9FS_ACCESS_USER | \
>> V9FS_ACCESS_CLIENT)
>> #define V9FS_ACCESS_MASK V9FS_ACCESS_ANY
>> +#define V9FS_ACL_MASK V9FS_POSIX_ACL
>>
>> enum p9_session_flags {
>> V9FS_PROTO_2000U = 0x01,
>> V9FS_PROTO_2000L = 0x02,
>> V9FS_ACCESS_SINGLE = 0x04,
>> V9FS_ACCESS_USER = 0x08,
>> - V9FS_ACCESS_CLIENT = 0x10
>> + V9FS_ACCESS_CLIENT = 0x10,
>> + V9FS_POSIX_ACL = 0x20
>> };
>>
>> /* possible values of ->cache */
>> diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c
>> index dbaabe3..4f14be5 100644
>> --- a/fs/9p/vfs_super.c
>> +++ b/fs/9p/vfs_super.c
>> @@ -91,7 +91,7 @@ v9fs_fill_super(struct super_block *sb, struct v9fs_session_info *v9ses,
>> MS_NOATIME;
>>
>> #ifdef CONFIG_9P_FS_POSIX_ACL
>> - if ((v9ses->flags & V9FS_ACCESS_MASK) == V9FS_ACCESS_CLIENT)
>> + if ((v9ses->flags & V9FS_ACL_MASK) == V9FS_POSIX_ACL)
>> sb->s_flags |= MS_POSIXACL;
>> #endif
>>
>> --
>> 1.6.5.2
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2011-01-27 20:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-27 6:55 [PATCH-V2] [fs/9P] Add posixacl mount option Venkateswararao Jujjuri (JV)
2011-01-27 14:40 ` Aneesh Kumar K. V
2011-01-27 20:09 ` Venkateswararao Jujjuri (JV) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D41D10B.8060809@linux.vnet.ibm.com \
--to=jvrao@linux.vnet.ibm.com \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=v9fs-developer@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).