[PATCH] ACL supports to mqueue

[PATCH] ACL supports to mqueue

[Zhou Peng]

[-- Attachment #1: Type: text/plain, Size: 4697 bytes --]

This patch adds ACL supports to mqueue filesystem.
Based on Linux 3.0.4.

Signed-off-by: Zhou Peng <zhoupeng@nfs.iscas.ac.cn>

diff --git a/fs/Kconfig b/fs/Kconfig
index 19891aa..dbf0aca 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -151,6 +151,14 @@ config TMPFS_XATTR

 	  If unsure, say N.

+config MQUEUE_POSIX_ACL
+       bool "Mqueue POSIX Access Control Lists support"
+       depends on POSIX_MQUEUE
+       select GENERIC_ACL
+       help
+         Mqueue is a file system which is used to suport POSIX msg queue.
+	 Say y to get Access Control Lists support for mqueue file system.
+
 config HUGETLBFS
 	bool "HugeTLB file system support"
 	depends on X86 || IA64 || SPARC64 || (S390 && 64BIT) || \
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 14fb6d6..e9d7ea9 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -10,6 +10,9 @@
  *
  * Audit:                   George Wilson           (ltcgcw@us.ibm.com)
  *
+ * ACL:
+ * Copyright (c) 2011       Zhou Peng               (ailvpeng25@gmail.com)
+ *
  * This file is released under the GPL.
  */

@@ -33,6 +36,9 @@
 #include <linux/pid.h>
 #include <linux/ipc_namespace.h>
 #include <linux/slab.h>
+#include <linux/xattr.h>
+#include <linux/posix_acl.h>
+#include <linux/generic_acl.h>

 #include <net/sock.h>
 #include "util.h"
@@ -76,6 +82,9 @@ struct mqueue_inode_info {
 };

 static const struct inode_operations mqueue_dir_inode_operations;
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static const struct inode_operations mqueue_inode_operations;
+#endif
 static const struct file_operations mqueue_file_operations;
 static const struct super_operations mqueue_super_ops;
 static void remove_notification(struct mqueue_inode_info *info);
@@ -84,6 +93,14 @@ static struct kmem_cache *mqueue_inode_cachep;

 static struct ctl_table_header * mq_sysctl_table;

+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static const struct xattr_handler *mqueue_xattr_handlers[] = {
+	&generic_acl_access_handler,
+	&generic_acl_default_handler,
+	NULL
+};
+#endif
+
 static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode)
 {
 	return container_of(inode, struct mqueue_inode_info, vfs_inode);
@@ -122,12 +139,19 @@ static struct inode *mqueue_get_inode(struct
super_block *sb,
 		inode->i_gid = current_fsgid();
 		inode->i_mtime = inode->i_ctime = inode->i_atime =
 				CURRENT_TIME;
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+		cache_no_acl(inode);
+#endif

 		if (S_ISREG(mode)) {
 			struct mqueue_inode_info *info;
 			struct task_struct *p = current;
 			unsigned long mq_bytes, mq_msg_tblsz;

+#ifdef CONFIG_MQUEUE_POSIX_ACL			
+			inode->i_op = &mqueue_inode_operations;
+#endif
+
 			inode->i_fop = &mqueue_file_operations;
 			inode->i_size = FILENT_SIZE;
 			/* mqueue specific info */
@@ -192,6 +216,11 @@ static int mqueue_fill_super(struct super_block
*sb, void *data, int silent)
 	sb->s_magic = MQUEUE_MAGIC;
 	sb->s_op = &mqueue_super_ops;

+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	sb->s_xattr = mqueue_xattr_handlers;
+	sb->s_flags |= MS_POSIXACL;
+#endif
+
 	inode = mqueue_get_inode(sb, ns, S_IFDIR | S_ISVTX | S_IRWXUGO,
 				NULL);
 	if (!inode) {
@@ -322,6 +351,16 @@ static int mqueue_create(struct inode *dir,
struct dentry *dentry,
 		goto out_unlock;
 	}

+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	error = generic_acl_init(inode, dir);
+	if (error) {
+		iput(inode);
+		spin_lock(&mq_lock);
+		ipc_ns->mq_queues_count--;
+		goto out_unlock;
+	}
+#endif
+
 	put_ipc_ns(ipc_ns);
 	dir->i_size += DIRENT_SIZE;
 	dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME;
@@ -1217,10 +1256,46 @@ out:
 	return ret;
 }

+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static int mqueue_setattr(struct dentry *dentry, struct iattr *attr)
+{
+	struct inode *inode = dentry->d_inode;
+	int error;
+
+	error = simple_setattr(dentry, attr);
+	if (error)
+		return error;
+
+	if (attr->ia_valid & ATTR_MODE)
+		error = generic_acl_chmod(inode);
+
+	return error;
+}
+#endif
+
 static const struct inode_operations mqueue_dir_inode_operations = {
 	.lookup = simple_lookup,
 	.create = mqueue_create,
 	.unlink = mqueue_unlink,
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	.setxattr    = generic_setxattr,
+	.getxattr    = generic_getxattr,
+	.listxattr   = generic_listxattr,
+	.removexattr = generic_removexattr,
+	.check_acl   = generic_check_acl,
+	.setattr     = mqueue_setattr,
+#endif
+};
+
+static const struct inode_operations mqueue_inode_operations = {
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	.setxattr    = generic_setxattr,
+	.getxattr    = generic_getxattr,
+	.listxattr   = generic_listxattr,
+	.removexattr = generic_removexattr,
+	.check_acl   = generic_check_acl,
+	.setattr     = mqueue_setattr,
+#endif
 };

 static const struct file_operations mqueue_file_operations = {

--
Zhou Peng

[-- Attachment #2: posix_msg_queue_acl_linux 3.0.4.diff --]
[-- Type: text/x-patch, Size: 4696 bytes --]

This patch adds ACL supports to mqueue filesystem.
Based on Linux 3.0.4.

Signed-off-by: Zhou Peng <zhoupeng@nfs.iscas.ac.cn>

diff --git a/fs/Kconfig b/fs/Kconfig
index 19891aa..dbf0aca 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -151,6 +151,14 @@ config TMPFS_XATTR
 
 	  If unsure, say N.
 
+config MQUEUE_POSIX_ACL
+       bool "Mqueue POSIX Access Control Lists support"
+       depends on POSIX_MQUEUE
+       select GENERIC_ACL
+       help
+         Mqueue is a file system which is used to suport POSIX msg queue.
+	 Say y to get Access Control Lists support for mqueue file system.
+
 config HUGETLBFS
 	bool "HugeTLB file system support"
 	depends on X86 || IA64 || SPARC64 || (S390 && 64BIT) || \
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 14fb6d6..e9d7ea9 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -10,6 +10,9 @@
  *
  * Audit:                   George Wilson           (ltcgcw@us.ibm.com)
  *
+ * ACL:
+ * Copyright (c) 2011       Zhou Peng               (ailvpeng25@gmail.com)
+ *
  * This file is released under the GPL.
  */
 
@@ -33,6 +36,9 @@
 #include <linux/pid.h>
 #include <linux/ipc_namespace.h>
 #include <linux/slab.h>
+#include <linux/xattr.h>
+#include <linux/posix_acl.h>
+#include <linux/generic_acl.h>
 
 #include <net/sock.h>
 #include "util.h"
@@ -76,6 +82,9 @@ struct mqueue_inode_info {
 };
 
 static const struct inode_operations mqueue_dir_inode_operations;
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static const struct inode_operations mqueue_inode_operations;
+#endif
 static const struct file_operations mqueue_file_operations;
 static const struct super_operations mqueue_super_ops;
 static void remove_notification(struct mqueue_inode_info *info);
@@ -84,6 +93,14 @@ static struct kmem_cache *mqueue_inode_cachep;
 
 static struct ctl_table_header * mq_sysctl_table;
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static const struct xattr_handler *mqueue_xattr_handlers[] = {
+	&generic_acl_access_handler,
+	&generic_acl_default_handler,
+	NULL
+};
+#endif
+
 static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode)
 {
 	return container_of(inode, struct mqueue_inode_info, vfs_inode);
@@ -122,12 +139,19 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
 		inode->i_gid = current_fsgid();
 		inode->i_mtime = inode->i_ctime = inode->i_atime =
 				CURRENT_TIME;
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+		cache_no_acl(inode);
+#endif
 
 		if (S_ISREG(mode)) {
 			struct mqueue_inode_info *info;
 			struct task_struct *p = current;
 			unsigned long mq_bytes, mq_msg_tblsz;
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL			
+			inode->i_op = &mqueue_inode_operations;
+#endif
+
 			inode->i_fop = &mqueue_file_operations;
 			inode->i_size = FILENT_SIZE;
 			/* mqueue specific info */
@@ -192,6 +216,11 @@ static int mqueue_fill_super(struct super_block *sb, void *data, int silent)
 	sb->s_magic = MQUEUE_MAGIC;
 	sb->s_op = &mqueue_super_ops;
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	sb->s_xattr = mqueue_xattr_handlers;
+	sb->s_flags |= MS_POSIXACL;
+#endif
+
 	inode = mqueue_get_inode(sb, ns, S_IFDIR | S_ISVTX | S_IRWXUGO,
 				NULL);
 	if (!inode) {
@@ -322,6 +351,16 @@ static int mqueue_create(struct inode *dir, struct dentry *dentry,
 		goto out_unlock;
 	}
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	error = generic_acl_init(inode, dir);
+	if (error) {
+		iput(inode);
+		spin_lock(&mq_lock);
+		ipc_ns->mq_queues_count--;
+		goto out_unlock;
+	}
+#endif
+
 	put_ipc_ns(ipc_ns);
 	dir->i_size += DIRENT_SIZE;
 	dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME;
@@ -1217,10 +1256,46 @@ out:
 	return ret;
 }
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static int mqueue_setattr(struct dentry *dentry, struct iattr *attr)
+{
+	struct inode *inode = dentry->d_inode;
+	int error;
+
+	error = simple_setattr(dentry, attr);
+	if (error)
+		return error;
+
+	if (attr->ia_valid & ATTR_MODE)
+		error = generic_acl_chmod(inode);
+
+	return error;
+}
+#endif
+
 static const struct inode_operations mqueue_dir_inode_operations = {
 	.lookup = simple_lookup,
 	.create = mqueue_create,
 	.unlink = mqueue_unlink,
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	.setxattr    = generic_setxattr,
+	.getxattr    = generic_getxattr,
+	.listxattr   = generic_listxattr,
+	.removexattr = generic_removexattr,
+	.check_acl   = generic_check_acl,
+	.setattr     = mqueue_setattr,
+#endif
+};
+
+static const struct inode_operations mqueue_inode_operations = {
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	.setxattr    = generic_setxattr,
+	.getxattr    = generic_getxattr,
+	.listxattr   = generic_listxattr,
+	.removexattr = generic_removexattr,
+	.check_acl   = generic_check_acl,
+	.setattr     = mqueue_setattr,
+#endif
 };
 
 static const struct file_operations mqueue_file_operations = {

Re: [PATCH] ACL supports to mqueue

[James Morris]

On Thu, 20 Oct 2011, Zhou Peng wrote:

> This patch adds ACL supports to mqueue filesystem.
> Based on Linux 3.0.4.

Why is this necessary, and who is planning to use it?

Are any distros likely to enable this?


- James
-- 
James Morris
<jmorris@namei.org>

Re: [PATCH] ACL supports to mqueue

[Zhou Peng]

Thank you James for your viewing.

* In general, it can give a more fine grained and flexible DAC to msg queue obj.
* NFSARK(A distro) wants all posix ipc objects to support ACL, including mqueue.
* Posix semphore and shmem both support ACL, but mqueue as one of the
three basic ipc doesn't.
* At least, it may save one note sentence for MQ_OVERVIEW(7)   ^_^
    "Linux does not currently (2.6.26) support the use of access
control lists (ACLs) for POSIX message queues."
    http://www.kernel.org/doc/man-pages/online/pages/man7/mq_overview.7.html

On Thu, Oct 20, 2011 at 11:33 PM, James Morris <jmorris@namei.org> wrote:
> On Thu, 20 Oct 2011, Zhou Peng wrote:
>
>> This patch adds ACL supports to mqueue filesystem.
>> Based on Linux 3.0.4.
>
> Why is this necessary, and who is planning to use it?
>
> Are any distros likely to enable this?
>
>
> - James
> --
> James Morris
> <jmorris@namei.org>
>



-- 
Zhou Peng

Re: [PATCH] ACL supports to mqueue

[Zhou Peng]

Hi, how about this patch pls?

On Fri, Oct 21, 2011 at 6:46 PM, Zhou Peng <ailvpeng25@gmail.com> wrote:
> * In general, it can give a more fine grained and flexible DAC to msg queue obj.
> * NFSARK(A distro) wants all posix ipc objects to support ACL, including mqueue.
> * Posix semphore and shmem both support ACL, but mqueue as one of the
> three basic ipc doesn't.
> * At least, it may save one note sentence for MQ_OVERVIEW(7)   ^_^
>    "Linux does not currently (2.6.26) support the use of access
> control lists (ACLs) for POSIX message queues."
>    http://www.kernel.org/doc/man-pages/online/pages/man7/mq_overview.7.html
>
> On Thu, Oct 20, 2011 at 11:33 PM, James Morris <jmorris@namei.org> wrote:
> > On Thu, 20 Oct 2011, Zhou Peng wrote:
> >
> >> This patch adds ACL supports to mqueue filesystem.
> >> Based on Linux 3.0.4.
> >
> > Why is this necessary, and who is planning to use it?
> >
> > Are any distros likely to enable this?
> >
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] ACL supports to mqueue

[James Morris]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1154 bytes --]

On Tue, 25 Oct 2011, Zhou Peng wrote:

> Hi, how about this patch pls?

I'm not convinced that this is a necessary feature for the mainline 
kernel.

> 
> On Fri, Oct 21, 2011 at 6:46 PM, Zhou Peng <ailvpeng25@gmail.com> wrote:
> > * In general, it can give a more fine grained and flexible DAC to msg queue obj.
> > * NFSARK(A distro) wants all posix ipc objects to support ACL, including mqueue.
> > * Posix semphore and shmem both support ACL, but mqueue as one of the
> > three basic ipc doesn't.
> > * At least, it may save one note sentence for MQ_OVERVIEW(7)   ^_^
> >    "Linux does not currently (2.6.26) support the use of access
> > control lists (ACLs) for POSIX message queues."
> >    http://www.kernel.org/doc/man-pages/online/pages/man7/mq_overview.7.html
> >
> > On Thu, Oct 20, 2011 at 11:33 PM, James Morris <jmorris@namei.org> wrote:
> > > On Thu, 20 Oct 2011, Zhou Peng wrote:
> > >
> > >> This patch adds ACL supports to mqueue filesystem.
> > >> Based on Linux 3.0.4.
> > >
> > > Why is this necessary, and who is planning to use it?
> > >
> > > Are any distros likely to enable this?
> > >
> 

-- 
James Morris
<jmorris@namei.org>

Re: [PATCH] ACL supports to mqueue

[James Morris]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1505 bytes --]

On Thu, 27 Oct 2011, James Morris wrote:

> On Tue, 25 Oct 2011, Zhou Peng wrote:
> 
> > Hi, how about this patch pls?
> 
> I'm not convinced that this is a necessary feature for the mainline 
> kernel.

It also needs more review, from at least other security folk, and ideally
also from fs/vfs folk.

Why does NFSARK want this supportr?  Are its users asking for it?  (I 
couldn't find the distro, btw).



> 
> > 
> > On Fri, Oct 21, 2011 at 6:46 PM, Zhou Peng <ailvpeng25@gmail.com> wrote:
> > > * In general, it can give a more fine grained and flexible DAC to msg queue obj.
> > > * NFSARK(A distro) wants all posix ipc objects to support ACL, including mqueue.
> > > * Posix semphore and shmem both support ACL, but mqueue as one of the
> > > three basic ipc doesn't.
> > > * At least, it may save one note sentence for MQ_OVERVIEW(7)   ^_^
> > >    "Linux does not currently (2.6.26) support the use of access
> > > control lists (ACLs) for POSIX message queues."
> > >    http://www.kernel.org/doc/man-pages/online/pages/man7/mq_overview.7.html
> > >
> > > On Thu, Oct 20, 2011 at 11:33 PM, James Morris <jmorris@namei.org> wrote:
> > > > On Thu, 20 Oct 2011, Zhou Peng wrote:
> > > >
> > > >> This patch adds ACL supports to mqueue filesystem.
> > > >> Based on Linux 3.0.4.
> > > >
> > > > Why is this necessary, and who is planning to use it?
> > > >
> > > > Are any distros likely to enable this?
> > > >
> > 
> 
> -- 
> James Morris
> <jmorris@namei.org>

-- 
James Morris
<jmorris@namei.org>

Re: [PATCH] ACL supports to mqueue

[Zhou Peng]

Sorry for late reply, the mail skiped the inbox
and to the lkml label directly of gmail.
On Fri, Oct 28, 2011 at 7:47 AM, James Morris <jmorris@namei.org> wrote:
> On Thu, 27 Oct 2011, James Morris wrote:
>
>> On Tue, 25 Oct 2011, Zhou Peng wrote:
>>
>> > Hi, how about this patch pls?
>>
>> I'm not convinced that this is a necessary feature for the mainline
>> kernel.
>
> It also needs more review, from at least other security folk, and ideally
> also from fs/vfs folk.
Thank you James.
I cc to Alexander Viro (VFS),
Chris Wright (LSM),
Hugh Dickins (TMPFS),
Stephen Smalley (SELINUX),
Kentaro Takeda, Tetsuo Handa (TOMOYO),
John Johansen (APPARMOR)
Hope any review
> Why does NFSARK want this supportr?  Are its users asking for it?  (I
> couldn't find the distro, btw).
Yes, it's user asks for acl for ipc,
It is a distro by nfschina.
>>
>> >
>> > On Fri, Oct 21, 2011 at 6:46 PM, Zhou Peng <ailvpeng25@gmail.com> wrote:
>> > > * In general, it can give a more fine grained and flexible DAC to msg queue obj.
>> > > * NFSARK(A distro) wants all posix ipc objects to support ACL, including mqueue.
>> > > * Posix semphore and shmem both support ACL, but mqueue as one of the
>> > > three basic ipc doesn't.
>> > > * At least, it may save one note sentence for MQ_OVERVIEW(7)   ^_^
>> > >    "Linux does not currently (2.6.26) support the use of access
>> > > control lists (ACLs) for POSIX message queues."
>> > >    http://www.kernel.org/doc/man-pages/online/pages/man7/mq_overview.7.html
>> > >
>> > > On Thu, Oct 20, 2011 at 11:33 PM, James Morris <jmorris@namei.org> wrote:
>> > > > On Thu, 20 Oct 2011, Zhou Peng wrote:
>> > > >
>> > > >> This patch adds ACL supports to mqueue filesystem.
>> > > >> Based on Linux 3.0.4.
>> > > >
>> > > > Why is this necessary, and who is planning to use it?
>> > > >
>> > > > Are any distros likely to enable this?

-- 
Zhou Peng

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH] ACL supports to mqueue

[Zhou Peng]

On Thu, Nov 3, 2011 at 7:26 PM, Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
> I'm not the person to judge the need of this feature, but
>
> | +static const struct inode_operations mqueue_inode_operations = {
> | +#ifdef CONFIG_MQUEUE_POSIX_ACL
> | +     .setxattr    = generic_setxattr,
> | +     .getxattr    = generic_getxattr,
> | +     .listxattr   = generic_listxattr,
> | +     .removexattr = generic_removexattr,
> | +     .check_acl   = generic_check_acl,
> | +     .setattr     = mqueue_setattr,
> | +#endif
> |  };
>
> no need to define mqueue_inode_operations if !CONFIG_MQUEUE_POSIX_ACL. ;-)

Thank you Tetsuo Handa.
The fixed patch is listed in line below.
-----

This patch adds ACL supports to mqueue filesystem.
Based on Linux 3.0.4.

Signed-off-by: Zhou Peng <zhoupeng@nfs.iscas.ac.cn>

diff --git a/fs/Kconfig b/fs/Kconfig
index 19891aa..dbf0aca 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -151,6 +151,14 @@ config TMPFS_XATTR

 	  If unsure, say N.

+config MQUEUE_POSIX_ACL
+       bool "Mqueue POSIX Access Control Lists support"
+       depends on POSIX_MQUEUE
+       select GENERIC_ACL
+       help
+         Mqueue is a file system which is used to suport POSIX msg queue.
+	 Say y to get Access Control Lists support for mqueue file system.
+
 config HUGETLBFS
 	bool "HugeTLB file system support"
 	depends on X86 || IA64 || SPARC64 || (S390 && 64BIT) || \
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 14fb6d6..73cdee2 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -10,6 +10,9 @@
  *
  * Audit:                   George Wilson           (ltcgcw@us.ibm.com)
  *
+ * ACL:
+ * Copyright (c) 2011       Zhou Peng               (ailvpeng25@gmail.com)
+ *
  * This file is released under the GPL.
  */

@@ -33,6 +36,9 @@
 #include <linux/pid.h>
 #include <linux/ipc_namespace.h>
 #include <linux/slab.h>
+#include <linux/xattr.h>
+#include <linux/posix_acl.h>
+#include <linux/generic_acl.h>

 #include <net/sock.h>
 #include "util.h"
@@ -76,6 +82,9 @@ struct mqueue_inode_info {
 };

 static const struct inode_operations mqueue_dir_inode_operations;
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static const struct inode_operations mqueue_inode_operations;
+#endif
 static const struct file_operations mqueue_file_operations;
 static const struct super_operations mqueue_super_ops;
 static void remove_notification(struct mqueue_inode_info *info);
@@ -84,6 +93,14 @@ static struct kmem_cache *mqueue_inode_cachep;

 static struct ctl_table_header * mq_sysctl_table;

+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static const struct xattr_handler *mqueue_xattr_handlers[] = {
+	&generic_acl_access_handler,
+	&generic_acl_default_handler,
+	NULL
+};
+#endif
+
 static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode)
 {
 	return container_of(inode, struct mqueue_inode_info, vfs_inode);
@@ -122,12 +139,19 @@ static struct inode *mqueue_get_inode(struct
super_block *sb,
 		inode->i_gid = current_fsgid();
 		inode->i_mtime = inode->i_ctime = inode->i_atime =
 				CURRENT_TIME;
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+		cache_no_acl(inode);
+#endif

 		if (S_ISREG(mode)) {
 			struct mqueue_inode_info *info;
 			struct task_struct *p = current;
 			unsigned long mq_bytes, mq_msg_tblsz;

+#ifdef CONFIG_MQUEUE_POSIX_ACL			
+			inode->i_op = &mqueue_inode_operations;
+#endif
+
 			inode->i_fop = &mqueue_file_operations;
 			inode->i_size = FILENT_SIZE;
 			/* mqueue specific info */
@@ -192,6 +216,11 @@ static int mqueue_fill_super(struct super_block
*sb, void *data, int silent)
 	sb->s_magic = MQUEUE_MAGIC;
 	sb->s_op = &mqueue_super_ops;

+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	sb->s_xattr = mqueue_xattr_handlers;
+	sb->s_flags |= MS_POSIXACL;
+#endif
+
 	inode = mqueue_get_inode(sb, ns, S_IFDIR | S_ISVTX | S_IRWXUGO,
 				NULL);
 	if (!inode) {
@@ -322,6 +351,16 @@ static int mqueue_create(struct inode *dir,
struct dentry *dentry,
 		goto out_unlock;
 	}

+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	error = generic_acl_init(inode, dir);
+	if (error) {
+		iput(inode);
+		spin_lock(&mq_lock);
+		ipc_ns->mq_queues_count--;
+		goto out_unlock;
+	}
+#endif
+
 	put_ipc_ns(ipc_ns);
 	dir->i_size += DIRENT_SIZE;
 	dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME;
@@ -1217,11 +1256,47 @@ out:
 	return ret;
 }

+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static int mqueue_setattr(struct dentry *dentry, struct iattr *attr)
+{
+	struct inode *inode = dentry->d_inode;
+	int error;
+
+	error = simple_setattr(dentry, attr);
+	if (error)
+		return error;
+
+	if (attr->ia_valid & ATTR_MODE)
+		error = generic_acl_chmod(inode);
+
+	return error;
+}
+#endif
+
 static const struct inode_operations mqueue_dir_inode_operations = {
 	.lookup = simple_lookup,
 	.create = mqueue_create,
 	.unlink = mqueue_unlink,
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	.setxattr    = generic_setxattr,
+	.getxattr    = generic_getxattr,
+	.listxattr   = generic_listxattr,
+	.removexattr = generic_removexattr,
+	.check_acl   = generic_check_acl,
+	.setattr     = mqueue_setattr,
+#endif
+};
+
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static const struct inode_operations mqueue_inode_operations = {
+	.setxattr    = generic_setxattr,
+	.getxattr    = generic_getxattr,
+	.listxattr   = generic_listxattr,
+	.removexattr = generic_removexattr,
+	.check_acl   = generic_check_acl,
+	.setattr     = mqueue_setattr,
 };
+#endif

 static const struct file_operations mqueue_file_operations = {
 	.flush = mqueue_flush_file,
--
Zhou Peng