From: Christian Brauner <brauner@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: Christian Brauner <brauner@kernel.org>,
Seth Forshee <sforshee@kernel.org>,
Christoph Hellwig <hch@lst.de>, Al Viro <viro@zeniv.linux.org.uk>,
Miklos Szeredi <miklos@szeredi.hu>,
Amir Goldstein <amir73il@gmail.com>,
linux-unionfs@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: [PATCH v5 27/30] ovl: use stub posix acl handlers
Date: Tue, 18 Oct 2022 13:56:57 +0200 [thread overview]
Message-ID: <20221018115700.166010-28-brauner@kernel.org> (raw)
In-Reply-To: <20221018115700.166010-1-brauner@kernel.org>
Now that ovl supports the get and set acl inode operations and the vfs
has been switched to the new posi api, ovl can simply rely on the stub
posix acl handlers. The custom xattr handlers and associated unused
helpers can be removed.
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
Notes:
/* v2 */
unchanged
/* v3 */
unchanged
/* v4 */
unchanged
/* v5 */
unchanged
fs/overlayfs/super.c | 101 ++-----------------------------------------
1 file changed, 4 insertions(+), 97 deletions(-)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 5c1b7971a9b3..2addafe4e14a 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -999,83 +999,6 @@ static unsigned int ovl_split_lowerdirs(char *str)
return ctr;
}
-static int __maybe_unused
-ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
- struct dentry *dentry, struct inode *inode,
- const char *name, void *buffer, size_t size)
-{
- return ovl_xattr_get(dentry, inode, handler->name, buffer, size);
-}
-
-static int __maybe_unused
-ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
- struct user_namespace *mnt_userns,
- struct dentry *dentry, struct inode *inode,
- const char *name, const void *value,
- size_t size, int flags)
-{
- struct dentry *workdir = ovl_workdir(dentry);
- struct inode *realinode = ovl_inode_real(inode);
- struct posix_acl *acl = NULL;
- int err;
-
- /* Check that everything is OK before copy-up */
- if (value) {
- /* The above comment can be understood in two ways:
- *
- * 1. We just want to check whether the basic POSIX ACL format
- * is ok. For example, if the header is correct and the size
- * is sane.
- * 2. We want to know whether the ACL_{GROUP,USER} entries can
- * be mapped according to the underlying filesystem.
- *
- * Currently, we only check 1. If we wanted to check 2. we
- * would need to pass the mnt_userns and the fs_userns of the
- * underlying filesystem. But frankly, I think checking 1. is
- * enough to start the copy-up.
- */
- acl = vfs_set_acl_prepare(&init_user_ns, &init_user_ns, value, size);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- }
- err = -EOPNOTSUPP;
- if (!IS_POSIXACL(d_inode(workdir)))
- goto out_acl_release;
- if (!realinode->i_op->set_acl)
- goto out_acl_release;
- if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
- err = acl ? -EACCES : 0;
- goto out_acl_release;
- }
- err = -EPERM;
- if (!inode_owner_or_capable(&init_user_ns, inode))
- goto out_acl_release;
-
- posix_acl_release(acl);
-
- /*
- * Check if sgid bit needs to be cleared (actual setacl operation will
- * be done with mounter's capabilities and so that won't do it for us).
- */
- if (unlikely(inode->i_mode & S_ISGID) &&
- handler->flags == ACL_TYPE_ACCESS &&
- !in_group_p(inode->i_gid) &&
- !capable_wrt_inode_uidgid(&init_user_ns, inode, CAP_FSETID)) {
- struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
-
- err = ovl_setattr(&init_user_ns, dentry, &iattr);
- if (err)
- return err;
- }
-
- err = ovl_xattr_set(dentry, inode, handler->name, value, size, flags);
- return err;
-
-out_acl_release:
- posix_acl_release(acl);
- return err;
-}
-
static int ovl_own_xattr_get(const struct xattr_handler *handler,
struct dentry *dentry, struct inode *inode,
const char *name, void *buffer, size_t size)
@@ -1108,22 +1031,6 @@ static int ovl_other_xattr_set(const struct xattr_handler *handler,
return ovl_xattr_set(dentry, inode, name, value, size, flags);
}
-static const struct xattr_handler __maybe_unused
-ovl_posix_acl_access_xattr_handler = {
- .name = XATTR_NAME_POSIX_ACL_ACCESS,
- .flags = ACL_TYPE_ACCESS,
- .get = ovl_posix_acl_xattr_get,
- .set = ovl_posix_acl_xattr_set,
-};
-
-static const struct xattr_handler __maybe_unused
-ovl_posix_acl_default_xattr_handler = {
- .name = XATTR_NAME_POSIX_ACL_DEFAULT,
- .flags = ACL_TYPE_DEFAULT,
- .get = ovl_posix_acl_xattr_get,
- .set = ovl_posix_acl_xattr_set,
-};
-
static const struct xattr_handler ovl_own_trusted_xattr_handler = {
.prefix = OVL_XATTR_TRUSTED_PREFIX,
.get = ovl_own_xattr_get,
@@ -1144,8 +1051,8 @@ static const struct xattr_handler ovl_other_xattr_handler = {
static const struct xattr_handler *ovl_trusted_xattr_handlers[] = {
#ifdef CONFIG_FS_POSIX_ACL
- &ovl_posix_acl_access_xattr_handler,
- &ovl_posix_acl_default_xattr_handler,
+ &posix_acl_access_xattr_handler,
+ &posix_acl_default_xattr_handler,
#endif
&ovl_own_trusted_xattr_handler,
&ovl_other_xattr_handler,
@@ -1154,8 +1061,8 @@ static const struct xattr_handler *ovl_trusted_xattr_handlers[] = {
static const struct xattr_handler *ovl_user_xattr_handlers[] = {
#ifdef CONFIG_FS_POSIX_ACL
- &ovl_posix_acl_access_xattr_handler,
- &ovl_posix_acl_default_xattr_handler,
+ &posix_acl_access_xattr_handler,
+ &posix_acl_default_xattr_handler,
#endif
&ovl_own_user_xattr_handler,
&ovl_other_xattr_handler,
--
2.34.1
next prev parent reply other threads:[~2022-10-18 12:00 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-18 11:56 [PATCH v5 00/30] acl: add vfs posix acl api Christian Brauner
2022-10-18 11:56 ` [PATCH v5 01/30] orangefs: rework posix acl handling when creating new filesystem objects Christian Brauner
2022-10-18 11:56 ` [PATCH v5 02/30] fs: pass dentry to set acl method Christian Brauner
2022-11-18 10:09 ` Mickaël Salaün
2022-11-18 10:33 ` Christian Brauner
2022-11-18 12:32 ` Mickaël Salaün
2022-10-18 11:56 ` [PATCH v5 03/30] fs: rename current get " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 04/30] fs: add new " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 05/30] cifs: implement " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 06/30] cifs: implement set " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 07/30] 9p: implement get " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 08/30] 9p: implement set " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 09/30] security: add get, remove and set acl hook Christian Brauner
2022-10-18 11:56 ` [PATCH v5 10/30] selinux: implement get, set and remove " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 11/30] smack: " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 12/30] integrity: implement get and set " Christian Brauner
2022-10-18 19:17 ` Paul Moore
2022-10-18 11:56 ` [PATCH v5 13/30] evm: add post " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 14/30] internal: add may_write_xattr() Christian Brauner
2022-10-18 11:56 ` [PATCH v5 15/30] acl: add vfs_set_acl() Christian Brauner
2022-10-18 11:56 ` [PATCH v5 16/30] acl: add vfs_get_acl() Christian Brauner
2022-10-18 11:56 ` [PATCH v5 17/30] acl: add vfs_remove_acl() Christian Brauner
2022-10-18 11:56 ` [PATCH v5 18/30] ksmbd: use vfs_remove_acl() Christian Brauner
2022-10-18 11:56 ` [PATCH v5 19/30] ecryptfs: implement get acl method Christian Brauner
2022-10-18 11:56 ` [PATCH v5 20/30] ecryptfs: implement set " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 21/30] ovl: implement get " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 22/30] ovl: implement set " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 23/30] ovl: use posix acl api Christian Brauner
2022-10-18 11:56 ` [PATCH v5 24/30] xattr: " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 25/30] evm: remove evm_xattr_acl_change() Christian Brauner
2022-10-18 11:56 ` [PATCH v5 26/30] ecryptfs: use stub posix acl handlers Christian Brauner
2022-10-18 11:56 ` Christian Brauner [this message]
2022-10-18 11:56 ` [PATCH v5 28/30] cifs: " Christian Brauner
2022-10-18 11:56 ` [PATCH v5 29/30] 9p: " Christian Brauner
2022-10-18 11:57 ` [PATCH v5 30/30] acl: remove a slew of now unused helpers Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221018115700.166010-28-brauner@kernel.org \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=sforshee@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).