From: Andreas Gruenbacher Date: Mon, 14 Jun 2010 09:22:14 +0530 Subject: [PATCH 13/16] richacl: Restrict access check algorithm Patch-mainline: not yet We want to avoid applying the file masks to an acl when changing the file permission bits or performing an access check. On the other hand, when we *do* apply the file masks to the acl, we want the resulting acl to produce the same access check results with the standard nfs4 access check algorithm as the richacl access check algorithm with the original acl. This is already the case, except in the following scenario: With file masks equivalent to file mode 0600, the following acl would grant the owner rw access if the owner is in the owning group: group@:rw::allow There is no way to express this in an nfs4 acl; the result is always a more restrictive acl. There are two approaches to deal with this difference: either accept that it exists and that applying the file masks is imperfect, or change the richacl access check algorithm so that such accesses are denied. This patch denies such accesses and makes sure that the richacl access check algorithm grants the same accesses as the nfsv4 acl with the file masks applied. Signed-off-by: Andreas Gruenbacher Signed-off-by: Aneesh Kumar K.V --- fs/richacl_base.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/fs/richacl_base.c +++ b/fs/richacl_base.c @@ -423,6 +423,16 @@ richacl_permission(struct inode *inode, } else goto is_everyone; + /* + * Apply the group file mask to entries other than OWNER@ and + * EVERYONE@. This is not required for correct access checking + * but ensures that we grant the same permissions as the acl + * computed by richacl_apply_masks() would grant. See + * richacl_apply_masks() for a more detailed explanation. + */ + if (richace_is_allow(ace)) + ace_mask &= acl->a_group_mask; + is_owner: /* The process is in the owner or group file class. */ in_owner_or_group_class = 1;