From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
To: Dave Chinner <david@fromorbit.com>
Cc: agruen@kernel.org, bfields@fieldses.org,
akpm@linux-foundation.org, viro@zeniv.linux.org.uk,
dhowells@redhat.com, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH -V1 10/22] richacl: In-memory representation and helper functions
Date: Thu, 01 May 2014 21:12:15 +0530 [thread overview]
Message-ID: <87d2fxbj54.fsf@linux.vnet.ibm.com> (raw)
In-Reply-To: <20140429002457.GS15995@dastard>
Dave Chinner <david@fromorbit.com> writes:
> On Sun, Apr 27, 2014 at 09:44:41PM +0530, Aneesh Kumar K.V wrote:
>> From: Andreas Gruenbacher <agruen@kernel.org>
>>
>> A richacl consists of an NFSv4 acl and an owner, group, and other mask.
>> These three masks correspond to the owner, group, and other file
>> permission bits, but they contain NFSv4 permissions instead of POSIX
>> permissions.
>>
>> Each entry in the NFSv4 acl applies to the file owner (OWNER@), the
>> owning group (GROUP@), literally everyone (EVERYONE@), or to a specific
>> uid or gid.
>>
>> As in the standard POSIX file permission model, each process is the
>> owner, group, or other file class. A richacl grants a requested access
>> only if the NFSv4 acl in the richacl grants the access (according to the
>> NFSv4 permission check algorithm), and the file mask that applies to the
>> process includes the requested permissions.
>>
>> Signed-off-by: Andreas Gruenbacher <agruen@kernel.org>
>> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
> ....
>> +
>> +/**
>> + * richace_is_same_identifier - are both identifiers the same?
>> + */
>> +int
>> +richace_is_same_identifier(const struct richace *a, const struct richace *b)
>> +{
>> +#define WHO_FLAGS (ACE4_SPECIAL_WHO | ACE4_IDENTIFIER_GROUP)
>> + if ((a->e_flags & WHO_FLAGS) != (b->e_flags & WHO_FLAGS))
>> + return 0;
>> + return a->e_id == b->e_id;
>> +#undef WHO_FLAGS
>
> Ugh.
>
> ....
Will remove.
>
>> +#define richacl_for_each_entry(_ace, _acl) \
>> + for (_ace = _acl->a_entries; \
>> + _ace != _acl->a_entries + _acl->a_count; \
>> + _ace++)
>> +
>> +#define richacl_for_each_entry_reverse(_ace, _acl) \
>> + for (_ace = _acl->a_entries + _acl->a_count - 1; \
>> + _ace != _acl->a_entries - 1; \
>> + _ace--)
>
> somewhat lacking in ()...
Will add
>
>> +/* Flag values defined by rich-acl */
>> +#define ACL4_MASKED 0x80
>> +
>> +#define ACL4_VALID_FLAGS ( \
>> + ACL4_MASKED)
>> +
>> +/* e_type values */
>> +#define ACE4_ACCESS_ALLOWED_ACE_TYPE 0x0000
>> +#define ACE4_ACCESS_DENIED_ACE_TYPE 0x0001
>> +/*#define ACE4_SYSTEM_AUDIT_ACE_TYPE 0x0002*/
>> +/*#define ACE4_SYSTEM_ALARM_ACE_TYPE 0x0003*/
>
> What's with all the commented out types?
>
These are NFSv4 ACL ACE types which we are not implementing. Just left
it there for documentation.
-aneesh
next prev parent reply other threads:[~2014-05-01 15:42 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-27 16:14 [PATCH -V1 00/22] New ACL format for better NFSv4 acl interoperability Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 01/22] vfs: Add generic IS_ACL() test for acl support Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 02/22] vfs: Add IS_RICHACL() test for richacl support Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 03/22] vfs: Optimize out IS_RICHACL() if CONFIG_FS_RICHACL is not defined Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 04/22] vfs: check for directory early Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 05/22] vfs: Add new file and directory create permission flags Aneesh Kumar K.V
2014-04-28 11:23 ` Jeff Layton
2014-04-29 0:04 ` Dave Chinner
2014-05-01 15:16 ` Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 06/22] vfs: Add delete child and delete self " Aneesh Kumar K.V
2014-04-29 0:07 ` Dave Chinner
2014-05-01 15:18 ` Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 07/22] vfs: Make the inode passed to inode_change_ok non-const Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 08/22] vfs: Add permission flags for setting file attributes Aneesh Kumar K.V
2014-04-29 0:17 ` Dave Chinner
2014-05-01 15:20 ` Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 09/22] vfs: Make acl_permission_check() work for richacls Aneesh Kumar K.V
2014-04-29 0:20 ` Dave Chinner
2014-05-01 15:39 ` Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 10/22] richacl: In-memory representation and helper functions Aneesh Kumar K.V
2014-04-29 0:24 ` Dave Chinner
2014-05-01 15:42 ` Aneesh Kumar K.V [this message]
2014-05-06 9:35 ` Kinglong Mee
2014-04-27 16:14 ` [PATCH -V1 11/22] richacl: Permission mapping functions Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 12/22] richacl: Compute maximum file masks from an acl Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 13/22] richacl: Update the file masks in chmod() Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 14/22] richacl: Permission check algorithm Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 15/22] richacl: Create-time inheritance Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 16/22] richacl: Check if an acl is equivalent to a file mode Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 17/22] richacl: Automatic Inheritance Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 18/22] richacl: xattr mapping functions Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 19/22] vfs: Cache richacl in struct inode Aneesh Kumar K.V
2014-04-29 0:52 ` Dave Chinner
2014-04-29 12:16 ` Matthew Wilcox
2014-05-01 15:45 ` Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 20/22] vfs: Add richacl permission check Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 21/22] ext4: Implement rich acl for ext4 Aneesh Kumar K.V
2014-04-27 16:14 ` [PATCH -V1 22/22] ext4: Add Ext4 compat richacl feature flag Aneesh Kumar K.V
2014-04-28 21:31 ` Andreas Dilger
2014-05-01 15:48 ` Aneesh Kumar K.V
2014-05-01 17:52 ` Andreas Dilger
2014-04-27 22:20 ` [PATCH -V1 00/22] New ACL format for better NFSv4 acl interoperability Dave Chinner
2014-04-28 5:24 ` Aneesh Kumar K.V
2014-04-28 23:58 ` Dave Chinner
2014-05-01 15:49 ` Aneesh Kumar K.V
2014-04-28 4:39 ` Christoph Hellwig
2014-04-28 5:54 ` Aneesh Kumar K.V
2014-04-28 9:03 ` Christoph Hellwig
2014-05-06 20:15 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d2fxbj54.fsf@linux.vnet.ibm.com \
--to=aneesh.kumar@linux.vnet.ibm.com \
--cc=agruen@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=bfields@fieldses.org \
--cc=david@fromorbit.com \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).