public inbox for linux-xfs@vger.kernel.org
 help / color / mirror / Atom feed
From: Dave Chinner <david@fromorbit.com>
To: Andreas Gruenbacher <agruenba@redhat.com>
Cc: Brian Foster <bfoster@redhat.com>, xfs@oss.sgi.com
Subject: Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces
Date: Tue, 27 Oct 2015 08:46:51 +1100	[thread overview]
Message-ID: <20151026214651.GJ8773@dastard> (raw)
In-Reply-To: <1445721369-25679-4-git-send-email-agruenba@redhat.com>

On Sat, Oct 24, 2015 at 11:16:08PM +0200, Andreas Gruenbacher wrote:
> Map uids and gids in the trusted.SGI_ACL_{FILE,DEFAULT} attributes between
> the kernel and user-space namespaces.  This needs to be done in the
> filesystem because the VFS is unaware of those attributes; for the standard
> POSIX ACL attributes, the VFS takes care of that for us.
> 
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> ---
>  fs/xfs/xfs_acl.c | 29 +++++++++++++++++++----------
>  1 file changed, 19 insertions(+), 10 deletions(-)
> 
> diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
> index 0eea7ee..64ffb85 100644
> --- a/fs/xfs/xfs_acl.c
> +++ b/fs/xfs/xfs_acl.c
> @@ -39,7 +39,8 @@ STATIC struct posix_acl *
>  xfs_acl_from_disk(
>  	const struct xfs_acl	*aclp,
>  	int			len,
> -	int			max_entries)
> +	int			max_entries,
> +	struct user_namespace	*ns)
>  {
>  	struct posix_acl_entry *acl_e;
>  	struct posix_acl *acl;
> @@ -71,10 +72,10 @@ xfs_acl_from_disk(
>  
>  		switch (acl_e->e_tag) {
>  		case ACL_USER:
> -			acl_e->e_uid = xfs_uid_to_kuid(be32_to_cpu(ace->ae_id));
> +			acl_e->e_uid = make_kuid(ns, be32_to_cpu(ace->ae_id));

Please don't replace the xfs wrappers with the horribly named
generic functions. Pass the namespace to xfs_uid_to_kuid(), and
modify them, please. That way people who don't deal with namespaces
every day can tell exactly what format conversion is taking place
just by reading the code...

This namespace stuff is awful twisty. The posix layer does a user-ns
to init-ns conversion and here we do a no-op init-ns to init-ns
conversion. That needs comments in the code to explain exactly why
one path needs user-ns conversion and the other doesn't, because I'm
sure as hell not going to remember why these code paths are
different in 6 months time.

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

  reply	other threads:[~2015-10-26 21:47 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-23 13:52 Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT} Andreas Gruenbacher
2015-10-24 12:57 ` Brian Foster
2015-10-24 13:58   ` Andreas Gruenbacher
2015-10-24 15:22     ` Brian Foster
2015-10-24 15:36       ` Brian Foster
2015-10-24 21:05       ` Andreas Gruenbacher
2015-10-24 21:16         ` [PATCH 0/4] xfs: SGI ACL Fixes Andreas Gruenbacher
2015-10-24 21:16           ` [PATCH 1/4] xfs: Validate the length of on-disk ACLs Andreas Gruenbacher
2015-10-24 21:16           ` [PATCH 2/4] xfs: SGI ACLs: Fix caching and mode setting Andreas Gruenbacher
2015-10-26 14:02             ` Brian Foster
2015-10-26 15:39               ` Andreas Gruenbacher
2015-10-26 19:00                 ` Brian Foster
2015-10-24 21:16           ` [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces Andreas Gruenbacher
2015-10-26 21:46             ` Dave Chinner [this message]
2015-10-27 15:55               ` Andreas Gruenbacher
2015-10-27 19:55                 ` Dave Chinner
2015-10-27 21:10                   ` Andreas Gruenbacher
2015-10-27 22:37                     ` Dave Chinner
2015-10-27 23:38                       ` Andreas Gruenbacher
2015-10-24 21:16           ` [PATCH 4/4] xfs: SGI ACLs: Prepare for richacls Andreas Gruenbacher
2015-10-26 20:15             ` Andreas Gruenbacher
2015-10-26 14:02           ` [PATCH 0/4] xfs: SGI ACL Fixes Brian Foster
2015-10-26 21:32       ` Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT} Dave Chinner
2015-10-26 23:52         ` Andreas Gruenbacher
2015-10-27  5:30           ` Dave Chinner
2015-10-27 10:56             ` Andreas Gruenbacher
2015-10-27 20:18               ` Dave Chinner
2015-10-27 21:39                 ` Andreas Gruenbacher
2015-10-27 22:38                   ` Dave Chinner
2015-10-27 11:31             ` Brian Foster

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151026214651.GJ8773@dastard \
    --to=david@fromorbit.com \
    --cc=agruenba@redhat.com \
    --cc=bfoster@redhat.com \
    --cc=xfs@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox