[PATCH -V4 08/11] vfs: Add new file and directory create permission flags

[PATCH -V4 00/11] New ACL format for better NFSv4 acl interoperability · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 02/11] vfs: Pass all mask flags down to iop->check_acl · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 03/11] vfs: Add a comment to inode_permission() · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 04/11] vfs: Add generic IS_ACL() test for acl support · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 06/11] vfs: Optimize out IS_RICHACL() if CONFIG_FS_RICHACL is not defined · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 07/11] vfs: Make acl_permission_check() work for richacls · Aneesh Kumar K.V <hidden> · 2010-09-24
Re: [PATCH -V4 07/11] vfs: Make acl_permission_check() work for richacls · Jeff Layton <hidden> · 2010-09-24
Re: [PATCH -V4 07/11] vfs: Make acl_permission_check() work for richacls · Aneesh Kumar K. V <hidden> · 2010-09-24
Re: [PATCH -V4 07/11] vfs: Make acl_permission_check() work for richacls · Andreas Gruenbacher <hidden> · 2010-09-27
[PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Aneesh Kumar K.V <hidden> · 2010-09-24
Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Jeff Layton <hidden> · 2010-09-24
Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Aneesh Kumar K. V <hidden> · 2010-09-24
Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Jeff Layton <hidden> · 2010-09-24
Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Andreas Gruenbacher <hidden> · 2010-09-27
Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Ted Ts'o <tytso@mit.edu> · 2011-01-03
Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Andreas Dilger <hidden> · 2011-01-03
Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Andreas Dilger <hidden> · 2011-01-03
Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags · Aneesh Kumar K. V <hidden> · 2011-01-03
[PATCH -V4 09/11] vfs: Add delete child and delete self permission flags · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 10/11] vfs: Make the inode passed to inode_change_ok non-const · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 11/11] vfs: Add permission flags for setting file attributes · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 01/11] vfs: Indicate that the permission functions take all the MAY_* flags · Aneesh Kumar K.V <hidden> · 2010-09-24
[PATCH -V4 05/11] vfs: Add IS_RICHACL() test for richacl support · Aneesh Kumar K.V <hidden> · 2010-09-24
Re: [PATCH -V4 00/11] New ACL format for better NFSv4 acl interoperability · J. Bruce Fields <hidden> · 2010-10-12
Re: [PATCH -V4 00/11] New ACL format for better NFSv4 acl interoperability · Aneesh Kumar K. V <hidden> · 2010-10-12
Re: [PATCH -V4 00/11] New ACL format for better NFSv4 acl interoperability · J. Bruce Fields <hidden> · 2010-10-12

STALE5655d

Revisions (6)

2010-07-02 v2 [diff vs current]
2010-09-24 v4 current
2011-02-23 v5 [diff vs current]
2011-10-18 v7 [diff vs current]
2011-10-23 v8 [diff vs current]
2014-04-27 v1 [diff vs current]

From: Aneesh Kumar K.V <hidden>
Date: 2010-09-24 12:48:11
Also in: linux-fsdevel, lkml
Subsystem: filesystems (vfs and infrastructure), the rest · Maintainers: Alexander Viro, Christian Brauner, Linus Torvalds

From: Andreas Gruenbacher <redacted>

Some permission models distinguish between the permission to create a
non-directory and a directory.  Pass this information down to
inode_permission() as mask flags

Signed-off-by: Andreas Gruenbacher <redacted>
Signed-off-by: Aneesh Kumar K.V <redacted>
---
 fs/namei.c         |   21 ++++++++++++---------
 include/linux/fs.h |    2 ++
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index b0b8a71..ed786b2 100644
--- a/fs/namei.c
+++ b/fs/namei.c

@@ -253,7 +253,8 @@ int generic_permission(struct inode *inode, int mask,
  * for filesystem access without changing the "normal" uids which
  * are used for other things.
  *
- * When checking for MAY_APPEND, MAY_WRITE must also be set in @mask.
+ * When checking for MAY_APPEND, MAY_CREATE_FILE, MAY_CREATE_DIR,
+ * MAY_WRITE must also be set in @mask.
  */
 int inode_permission(struct inode *inode, int mask)
 {

@@ -1337,13 +1338,15 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
  *  3. We should have write and exec permissions on dir
  *  4. We can't do it if dir is immutable (done in permission())
  */
-static inline int may_create(struct inode *dir, struct dentry *child)
+static inline int may_create(struct inode *dir, struct dentry *child, int isdir)
 {
+	int mask = isdir ? MAY_CREATE_DIR : MAY_CREATE_FILE;
+
 	if (child->d_inode)
 		return -EEXIST;
 	if (IS_DEADDIR(dir))
 		return -ENOENT;
-	return inode_permission(dir, MAY_WRITE | MAY_EXEC);
+	return inode_permission(dir, MAY_WRITE | MAY_EXEC | mask);
 }
 
 /*

@@ -1391,7 +1394,7 @@ void unlock_rename(struct dentry *p1, struct dentry *p2)
 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
 		struct nameidata *nd)
 {
-	int error = may_create(dir, dentry);
+	int error = may_create(dir, dentry, 0);
 
 	if (error)
 		return error;

@@ -1953,7 +1956,7 @@ EXPORT_SYMBOL_GPL(lookup_create);
 
 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 {
-	int error = may_create(dir, dentry);
+	int error = may_create(dir, dentry, 0);
 
 	if (error)
 		return error;

@@ -2057,7 +2060,7 @@ SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
 
 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
 {
-	int error = may_create(dir, dentry);
+	int error = may_create(dir, dentry, 1);
 
 	if (error)
 		return error;

@@ -2342,7 +2345,7 @@ SYSCALL_DEFINE1(unlink, const char __user *, pathname)
 
 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
 {
-	int error = may_create(dir, dentry);
+	int error = may_create(dir, dentry, 0);
 
 	if (error)
 		return error;

@@ -2415,7 +2418,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
 	if (!inode)
 		return -ENOENT;
 
-	error = may_create(dir, new_dentry);
+	error = may_create(dir, new_dentry, S_ISDIR(inode->i_mode));
 	if (error)
 		return error;

@@ -2631,7 +2634,7 @@ int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
 		return error;
 
 	if (!new_dentry->d_inode)
-		error = may_create(new_dir, new_dentry);
+		error = may_create(new_dir, new_dentry, is_dir);
 	else
 		error = may_delete(new_dir, new_dentry, is_dir);
 	if (error)

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 26fc8ae..5dc1ebd 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h

@@ -55,6 +55,8 @@ struct inodes_stat_t {
 #define MAY_ACCESS 16
 #define MAY_OPEN 32
 #define MAY_CHDIR 64
+#define MAY_CREATE_FILE 128
+#define MAY_CREATE_DIR 256
 
 /*
  * flags in file.f_mode.  Note that FMODE_READ and FMODE_WRITE must correspond

-- 
1.7.0.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help