qubes-linux-kernel/patches.suse/0013-richacl-Restrict-access-check-algorithm.patch

53 lines
2.0 KiB
Diff
Raw Normal View History

2011-04-19 20:09:59 +00:00
From: Andreas Gruenbacher <agruen@suse.de>
Date: Mon, 14 Jun 2010 09:22:14 +0530
Subject: [PATCH 13/16] richacl: Restrict access check algorithm
Patch-mainline: not yet
We want to avoid applying the file masks to an acl when changing the
file permission bits or performing an access check. On the other hand,
when we *do* apply the file masks to the acl, we want the resulting acl
to produce the same access check results with the standard nfs4 access
check algorithm as the richacl access check algorithm with the original
acl. This is already the case, except in the following scenario:
With file masks equivalent to file mode 0600, the following acl would
grant the owner rw access if the owner is in the owning group:
group@:rw::allow
There is no way to express this in an nfs4 acl; the result is always a
more restrictive acl. There are two approaches to deal with this
difference: either accept that it exists and that applying the file
masks is imperfect, or change the richacl access check algorithm so that
such accesses are denied.
This patch denies such accesses and makes sure that the richacl access
check algorithm grants the same accesses as the nfsv4 acl with the file
masks applied.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
---
fs/richacl_base.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/fs/richacl_base.c
+++ b/fs/richacl_base.c
@@ -423,6 +423,16 @@ richacl_permission(struct inode *inode,
} else
goto is_everyone;
+ /*
+ * Apply the group file mask to entries other than OWNER@ and
+ * EVERYONE@. This is not required for correct access checking
+ * but ensures that we grant the same permissions as the acl
+ * computed by richacl_apply_masks() would grant. See
+ * richacl_apply_masks() for a more detailed explanation.
+ */
+ if (richace_is_allow(ace))
+ ace_mask &= acl->a_group_mask;
+
is_owner:
/* The process is in the owner or group file class. */
in_owner_or_group_class = 1;