Re: [PATCH v8 10/41] richacl: Permission check algorithm
From: J. Bruce Fields <hidden>
Date: 2015-09-28 16:29:05
Also in:
linux-ext4, linux-fsdevel, linux-nfs, lkml
Possibly related (same subject, not in this thread)
- 2015-09-28 · Re: [PATCH v8 10/41] richacl: Permission check algorithm · Andreas Grünbacher <hidden>
- 2015-09-28 · Re: [PATCH v8 10/41] richacl: Permission check algorithm · Andreas Grünbacher <hidden>
- 2015-09-28 · Re: [PATCH v8 10/41] richacl: Permission check algorithm · J. Bruce Fields <hidden>
- 2015-09-27 · [PATCH v8 10/41] richacl: Permission check algorithm · Andreas Gruenbacher <agruenba@redhat.com>
On Mon, Sep 28, 2015 at 06:25:23PM +0200, Andreas Grünbacher wrote:
2015-09-28 18:08 GMT+02:00 J. Bruce Fields [off-list ref]:quoted
On Mon, Sep 28, 2015 at 12:09:01AM +0200, Andreas Gruenbacher wrote:quoted
+ /* + * Check if the acl grants the requested access and determine which + * file class the process is in. + */ + richacl_for_each_entry(ace, acl) { + unsigned int ace_mask = ace->e_mask; + + if (richace_is_inherit_only(ace)) + continue; + if (richace_is_owner(ace)) { + if (!uid_eq(current_fsuid(), inode->i_uid)) + continue; + goto entry_matches_owner; + } else if (richace_is_group(ace)) { + if (!in_owning_group) + continue; + } else if (richace_is_unix_user(ace)) { + if (!uid_eq(current_fsuid(), ace->e_id.uid)) + continue; + goto entry_matches_owner; + } else if (richace_is_unix_group(ace)) { + if (!in_group_p(ace->e_id.gid)) + continue; + } else + goto entry_matches_everyone; + + /* + * Apply the group file mask to entries other than owner@ and + * everyone@ or user entries matching the owner.The above also skips the following group_mask application on any unix group.Really? How does it do that?
Sorry, I meant "unix user", not "unix group"! --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html