Re: [PATCH v23 08/22] richacl: Compute maximum file masks from an acl

[PATCH v23 00/22] Richacls (Core and Ext4) · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
[PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests · Jeff Layton <hidden> · 2016-07-05
[PATCH v23 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags · Jeff Layton <hidden> · 2016-07-05
[PATCH v23 04/22] vfs: Make the inode passed to inode_change_ok non-const · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 04/22] vfs: Make the inode passed to inode_change_ok non-const · Jeff Layton <hidden> · 2016-07-05
[PATCH v23 06/22] richacl: In-memory representation and helper functions · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 06/22] richacl: In-memory representation and helper functions · Jeff Layton <hidden> · 2016-07-05
Re: [PATCH v23 06/22] richacl: In-memory representation and helper functions · Andreas Gruenbacher <agruenba@redhat.com> · 2016-07-11
[PATCH v23 08/22] richacl: Compute maximum file masks from an acl · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 08/22] richacl: Compute maximum file masks from an acl · Jeff Layton <hidden> · 2016-07-05
RE: [PATCH v23 08/22] richacl: Compute maximum file masks from an acl · Frank Filz <hidden> · 2016-07-05
Re: [PATCH v23 08/22] richacl: Compute maximum file masks from an acl · Andreas Gruenbacher <agruenba@redhat.com> · 2016-07-13
RE: [PATCH v23 08/22] richacl: Compute maximum file masks from an acl · Frank Filz <hidden> · 2016-07-13
[PATCH v23 14/22] richacl: Update the file masks in chmod() · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 14/22] richacl: Update the file masks in chmod() · Jeff Layton <hidden> · 2016-07-12
[PATCH v23 16/22] richacl: Create-time inheritance · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 16/22] richacl: Create-time inheritance · Jeff Layton <hidden> · 2016-07-12
[PATCH v23 21/22] ext4: Add richacl support · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
[PATCH v23 17/22] richacl: Automatic Inheritance · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 17/22] richacl: Automatic Inheritance · Jeff Layton <hidden> · 2016-07-12
Re: [PATCH v23 17/22] richacl: Automatic Inheritance · J. Bruce Fields <hidden> · 2016-07-12
Re: [PATCH v23 17/22] richacl: Automatic Inheritance · Andreas Gruenbacher <agruenba@redhat.com> · 2016-07-12
[PATCH v23 13/22] vfs: Cache richacl in struct inode · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 13/22] vfs: Cache richacl in struct inode · Jeff Layton <hidden> · 2016-07-06
Re: [PATCH v23 13/22] vfs: Cache richacl in struct inode · David Howells <dhowells@redhat.com> · 2016-07-07
Re: [PATCH v23 13/22] vfs: Cache richacl in struct inode · Andreas Gruenbacher <agruenba@redhat.com> · 2016-07-14
[PATCH v23 15/22] richacl: Check if an acl is equivalent to a file mode · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 15/22] richacl: Check if an acl is equivalent to a file mode · Jeff Layton <hidden> · 2016-07-12
[PATCH v23 19/22] richacl: Add richacl xattr handler · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 19/22] richacl: Add richacl xattr handler · Jeff Layton <hidden> · 2016-07-12
[PATCH v23 07/22] richacl: Permission mapping functions · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 07/22] richacl: Permission mapping functions · Jeff Layton <hidden> · 2016-07-05
Re: [PATCH v23 07/22] richacl: Permission mapping functions · Andreas Gruenbacher <agruenba@redhat.com> · 2016-07-11
[PATCH v23 18/22] richacl: xattr mapping functions · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 18/22] richacl: xattr mapping functions · Jeff Layton <hidden> · 2016-07-12
Re: [PATCH v23 18/22] richacl: xattr mapping functions · Andreas Gruenbacher <agruenba@redhat.com> · 2016-07-14
[PATCH v23 05/22] vfs: Add permission flags for setting file attributes · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 05/22] vfs: Add permission flags for setting file attributes · Jeff Layton <hidden> · 2016-07-05
[PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags · Jeff Layton <hidden> · 2016-07-05
[PATCH v23 20/22] vfs: Add richacl permission checking · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 20/22] vfs: Add richacl permission checking · Jeff Layton <hidden> · 2016-07-12
Re: [PATCH v23 20/22] vfs: Add richacl permission checking · Andreas Gruenbacher <agruenba@redhat.com> · 2016-07-14
[PATCH v23 22/22] ext4: Add richacl feature flag · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
[PATCH v23 10/22] posix_acl: Improve xattr fixup code · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 10/22] posix_acl: Improve xattr fixup code · Jeff Layton <hidden> · 2016-07-05
[PATCH v23 11/22] vfs: Cache base_acl objects in inodes · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 11/22] vfs: Cache base_acl objects in inodes · Jeff Layton <hidden> · 2016-07-05
[PATCH v23 12/22] vfs: Add get_richacl and set_richacl inode operations · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 12/22] vfs: Add get_richacl and set_richacl inode operations · Jeff Layton <hidden> · 2016-07-06
[PATCH v23 09/22] richacl: Permission check algorithm · Andreas Gruenbacher <agruenba@redhat.com> · 2016-06-30
Re: [PATCH v23 09/22] richacl: Permission check algorithm · Jeff Layton <hidden> · 2016-07-05
Re: [PATCH v23 09/22] richacl: Permission check algorithm · Andreas Gruenbacher <agruenba@redhat.com> · 2016-07-11
Re: [PATCH v23 00/22] Richacls (Core and Ext4) · Volker Lendecke <hidden> · 2016-06-30

From: Andreas Gruenbacher <agruenba@redhat.com>
Date: 2016-07-13 12:35:02
Also in: linux-cifs, linux-ext4, linux-fsdevel, linux-nfs, linux-xfs, lkml

Frank,

On Tue, Jul 5, 2016 at 7:08 PM, Frank Filz [off-list ref] wrote:

quoted

+ * Note: functions like richacl_allowed_to_who(),
+richacl_group_class_allowed(),
+ * and richacl_compute_max_masks() iterate through the entire acl in
+reverse
+ * order as an optimization.
+ *
+ * In the standard algorithm, aces are considered in forward order.
+When a
+ * process matches an ace, the permissions in the ace are either
+allowed or
+ * denied depending on the ace type.  Once a permission has been
+allowed or
+ * denied, it is no longer considered in further aces.
+ *
+ * By iterating through the acl in reverse order, we can compute the
+same
+ * result without having to keep track of which permissions have been
+allowed
+ * and denied already.
+ */

Clever!

Hmm, but does that result in examining the whole ACL for most access checks, at least for files where most of the accesses are by the owner, or a member of a specific group (with perhaps a ton of special case users added on the end)?

I don't understand -- what does this algorithm have to do with access checks?

Thanks,
Andreas

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help