d395d0a5d2
It's just a matter of adjusting a permission check condition for S_ISGID flag. All the rest is already handled in the generic VFS code. Notice that this permission check is the analog of what we have in posix_acl_update_mode() generic helper, but fuse doesn't use this helper as on the kernel side we don't care about ensuring that POSIX ACL and CHMOD permissions are in sync as it is a responsibility of a userspace daemon to handle that. For the same reason we don't have a calls to posix_acl_chmod(), while most of other filesystem do. Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
168 lines
4.1 KiB
C
168 lines
4.1 KiB
C
/*
|
|
* FUSE: Filesystem in Userspace
|
|
* Copyright (C) 2016 Canonical Ltd. <seth.forshee@canonical.com>
|
|
*
|
|
* This program can be distributed under the terms of the GNU GPL.
|
|
* See the file COPYING.
|
|
*/
|
|
|
|
#include "fuse_i.h"
|
|
|
|
#include <linux/posix_acl.h>
|
|
#include <linux/posix_acl_xattr.h>
|
|
|
|
static struct posix_acl *__fuse_get_acl(struct fuse_conn *fc,
|
|
struct inode *inode, int type, bool rcu)
|
|
{
|
|
int size;
|
|
const char *name;
|
|
void *value = NULL;
|
|
struct posix_acl *acl;
|
|
|
|
if (rcu)
|
|
return ERR_PTR(-ECHILD);
|
|
|
|
if (fuse_is_bad(inode))
|
|
return ERR_PTR(-EIO);
|
|
|
|
if (fc->no_getxattr)
|
|
return NULL;
|
|
|
|
if (type == ACL_TYPE_ACCESS)
|
|
name = XATTR_NAME_POSIX_ACL_ACCESS;
|
|
else if (type == ACL_TYPE_DEFAULT)
|
|
name = XATTR_NAME_POSIX_ACL_DEFAULT;
|
|
else
|
|
return ERR_PTR(-EOPNOTSUPP);
|
|
|
|
value = kmalloc(PAGE_SIZE, GFP_KERNEL);
|
|
if (!value)
|
|
return ERR_PTR(-ENOMEM);
|
|
size = fuse_getxattr(inode, name, value, PAGE_SIZE);
|
|
if (size > 0)
|
|
acl = posix_acl_from_xattr(fc->user_ns, value, size);
|
|
else if ((size == 0) || (size == -ENODATA) ||
|
|
(size == -EOPNOTSUPP && fc->no_getxattr))
|
|
acl = NULL;
|
|
else if (size == -ERANGE)
|
|
acl = ERR_PTR(-E2BIG);
|
|
else
|
|
acl = ERR_PTR(size);
|
|
|
|
kfree(value);
|
|
return acl;
|
|
}
|
|
|
|
static inline bool fuse_no_acl(const struct fuse_conn *fc,
|
|
const struct inode *inode)
|
|
{
|
|
/*
|
|
* Refuse interacting with POSIX ACLs for daemons that
|
|
* don't support FUSE_POSIX_ACL and are not mounted on
|
|
* the host to retain backwards compatibility.
|
|
*/
|
|
return !fc->posix_acl && (i_user_ns(inode) != &init_user_ns);
|
|
}
|
|
|
|
struct posix_acl *fuse_get_acl(struct mnt_idmap *idmap,
|
|
struct dentry *dentry, int type)
|
|
{
|
|
struct inode *inode = d_inode(dentry);
|
|
struct fuse_conn *fc = get_fuse_conn(inode);
|
|
|
|
if (fuse_no_acl(fc, inode))
|
|
return ERR_PTR(-EOPNOTSUPP);
|
|
|
|
return __fuse_get_acl(fc, inode, type, false);
|
|
}
|
|
|
|
struct posix_acl *fuse_get_inode_acl(struct inode *inode, int type, bool rcu)
|
|
{
|
|
struct fuse_conn *fc = get_fuse_conn(inode);
|
|
|
|
/*
|
|
* FUSE daemons before FUSE_POSIX_ACL was introduced could get and set
|
|
* POSIX ACLs without them being used for permission checking by the
|
|
* vfs. Retain that behavior for backwards compatibility as there are
|
|
* filesystems that do all permission checking for acls in the daemon
|
|
* and not in the kernel.
|
|
*/
|
|
if (!fc->posix_acl)
|
|
return NULL;
|
|
return __fuse_get_acl(fc, inode, type, rcu);
|
|
}
|
|
|
|
int fuse_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
|
|
struct posix_acl *acl, int type)
|
|
{
|
|
struct inode *inode = d_inode(dentry);
|
|
struct fuse_conn *fc = get_fuse_conn(inode);
|
|
const char *name;
|
|
int ret;
|
|
|
|
if (fuse_is_bad(inode))
|
|
return -EIO;
|
|
|
|
if (fc->no_setxattr || fuse_no_acl(fc, inode))
|
|
return -EOPNOTSUPP;
|
|
|
|
if (type == ACL_TYPE_ACCESS)
|
|
name = XATTR_NAME_POSIX_ACL_ACCESS;
|
|
else if (type == ACL_TYPE_DEFAULT)
|
|
name = XATTR_NAME_POSIX_ACL_DEFAULT;
|
|
else
|
|
return -EINVAL;
|
|
|
|
if (acl) {
|
|
unsigned int extra_flags = 0;
|
|
/*
|
|
* Fuse userspace is responsible for updating access
|
|
* permissions in the inode, if needed. fuse_setxattr
|
|
* invalidates the inode attributes, which will force
|
|
* them to be refreshed the next time they are used,
|
|
* and it also updates i_ctime.
|
|
*/
|
|
size_t size = posix_acl_xattr_size(acl->a_count);
|
|
void *value;
|
|
|
|
if (size > PAGE_SIZE)
|
|
return -E2BIG;
|
|
|
|
value = kmalloc(size, GFP_KERNEL);
|
|
if (!value)
|
|
return -ENOMEM;
|
|
|
|
ret = posix_acl_to_xattr(fc->user_ns, acl, value, size);
|
|
if (ret < 0) {
|
|
kfree(value);
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Fuse daemons without FUSE_POSIX_ACL never changed the passed
|
|
* through POSIX ACLs. Such daemons don't expect setgid bits to
|
|
* be stripped.
|
|
*/
|
|
if (fc->posix_acl &&
|
|
!in_group_or_capable(idmap, inode,
|
|
i_gid_into_vfsgid(idmap, inode)))
|
|
extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID;
|
|
|
|
ret = fuse_setxattr(inode, name, value, size, 0, extra_flags);
|
|
kfree(value);
|
|
} else {
|
|
ret = fuse_removexattr(inode, name);
|
|
}
|
|
|
|
if (fc->posix_acl) {
|
|
/*
|
|
* Fuse daemons without FUSE_POSIX_ACL never cached POSIX ACLs
|
|
* and didn't invalidate attributes. Retain that behavior.
|
|
*/
|
|
forget_all_cached_acls(inode);
|
|
fuse_invalidate_attr(inode);
|
|
}
|
|
|
|
return ret;
|
|
}
|