From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Howells Subject: Re: [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2] Date: Mon, 05 Jan 2009 16:48:52 +0000 Message-ID: <806.1231174132@redhat.com> References: <20090102164505.GA10465@fieldses.org> <20090102051905.GC1073@fieldses.org> <20090101235332.GA31840@fieldses.org> <24959.1230694093@redhat.com> <20081230134248.GA30124@lst.de> <21275.1230736542@redhat.com> <29449.1230859152@redhat.com> <32481.1230897578@redhat.com> Cc: dhowells@redhat.com, Christoph Hellwig , jmorris@namei.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org To: "J. Bruce Fields" Return-path: Received: from mx2.redhat.com ([66.187.237.31]:34658 "EHLO mx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752739AbZAEQtE (ORCPT ); Mon, 5 Jan 2009 11:49:04 -0500 In-Reply-To: <20090102164505.GA10465@fieldses.org> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: J. Bruce Fields wrote: > And the test failure > is nfsd_lookup() returning OK on a directory when it should return > nfserr_perm. I assume that's the result of inode_permission(directory > inode, MAY_EXEC) returning 0 when it shouldn't, but I haven't confirmed > that. The first problem directly related to this is, I think, addressed by the attached patch. There seems to be more to it, though. David --- diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 0184fe9..64bc1f5 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -76,7 +76,7 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) ret = set_groups(new, gi); put_group_info(gi); - if (!ret) + if (ret < 0) goto error; if (new->uid)