Commit af84df93ffe3603fc6fc40a4338f9e740aad3b4e
1 parent
5f3a4a28ec
Exists in
master
and in
20 other branches
userns: Convert extN to support kuids and kgids in posix acls
Convert ext2, ext3, and ext4 to fully support the posix acl changes, using e_uid e_gid instead e_id. Enabled building with posix acls enabled, all filesystems supporting user namespaces, now also support posix acls when user namespaces are enabled. Cc: Theodore Tso <tytso@mit.edu> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Jan Kara <jack@suse.cz> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Showing 4 changed files with 60 additions and 24 deletions Side-by-side Diff
fs/ext2/acl.c
... | ... | @@ -53,16 +53,23 @@ |
53 | 53 | case ACL_OTHER: |
54 | 54 | value = (char *)value + |
55 | 55 | sizeof(ext2_acl_entry_short); |
56 | - acl->a_entries[n].e_id = ACL_UNDEFINED_ID; | |
57 | 56 | break; |
58 | 57 | |
59 | 58 | case ACL_USER: |
59 | + value = (char *)value + sizeof(ext2_acl_entry); | |
60 | + if ((char *)value > end) | |
61 | + goto fail; | |
62 | + acl->a_entries[n].e_uid = | |
63 | + make_kuid(&init_user_ns, | |
64 | + le32_to_cpu(entry->e_id)); | |
65 | + break; | |
60 | 66 | case ACL_GROUP: |
61 | 67 | value = (char *)value + sizeof(ext2_acl_entry); |
62 | 68 | if ((char *)value > end) |
63 | 69 | goto fail; |
64 | - acl->a_entries[n].e_id = | |
65 | - le32_to_cpu(entry->e_id); | |
70 | + acl->a_entries[n].e_gid = | |
71 | + make_kgid(&init_user_ns, | |
72 | + le32_to_cpu(entry->e_id)); | |
66 | 73 | break; |
67 | 74 | |
68 | 75 | default: |
69 | 76 | |
70 | 77 | |
71 | 78 | |
... | ... | @@ -96,14 +103,19 @@ |
96 | 103 | ext_acl->a_version = cpu_to_le32(EXT2_ACL_VERSION); |
97 | 104 | e = (char *)ext_acl + sizeof(ext2_acl_header); |
98 | 105 | for (n=0; n < acl->a_count; n++) { |
106 | + const struct posix_acl_entry *acl_e = &acl->a_entries[n]; | |
99 | 107 | ext2_acl_entry *entry = (ext2_acl_entry *)e; |
100 | - entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); | |
101 | - entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); | |
102 | - switch(acl->a_entries[n].e_tag) { | |
108 | + entry->e_tag = cpu_to_le16(acl_e->e_tag); | |
109 | + entry->e_perm = cpu_to_le16(acl_e->e_perm); | |
110 | + switch(acl_e->e_tag) { | |
103 | 111 | case ACL_USER: |
112 | + entry->e_id = cpu_to_le32( | |
113 | + from_kuid(&init_user_ns, acl_e->e_uid)); | |
114 | + e += sizeof(ext2_acl_entry); | |
115 | + break; | |
104 | 116 | case ACL_GROUP: |
105 | - entry->e_id = | |
106 | - cpu_to_le32(acl->a_entries[n].e_id); | |
117 | + entry->e_id = cpu_to_le32( | |
118 | + from_kgid(&init_user_ns, acl_e->e_gid)); | |
107 | 119 | e += sizeof(ext2_acl_entry); |
108 | 120 | break; |
109 | 121 |
fs/ext3/acl.c
... | ... | @@ -48,16 +48,23 @@ |
48 | 48 | case ACL_OTHER: |
49 | 49 | value = (char *)value + |
50 | 50 | sizeof(ext3_acl_entry_short); |
51 | - acl->a_entries[n].e_id = ACL_UNDEFINED_ID; | |
52 | 51 | break; |
53 | 52 | |
54 | 53 | case ACL_USER: |
54 | + value = (char *)value + sizeof(ext3_acl_entry); | |
55 | + if ((char *)value > end) | |
56 | + goto fail; | |
57 | + acl->a_entries[n].e_uid = | |
58 | + make_kuid(&init_user_ns, | |
59 | + le32_to_cpu(entry->e_id)); | |
60 | + break; | |
55 | 61 | case ACL_GROUP: |
56 | 62 | value = (char *)value + sizeof(ext3_acl_entry); |
57 | 63 | if ((char *)value > end) |
58 | 64 | goto fail; |
59 | - acl->a_entries[n].e_id = | |
60 | - le32_to_cpu(entry->e_id); | |
65 | + acl->a_entries[n].e_gid = | |
66 | + make_kgid(&init_user_ns, | |
67 | + le32_to_cpu(entry->e_id)); | |
61 | 68 | break; |
62 | 69 | |
63 | 70 | default: |
64 | 71 | |
65 | 72 | |
66 | 73 | |
... | ... | @@ -91,14 +98,19 @@ |
91 | 98 | ext_acl->a_version = cpu_to_le32(EXT3_ACL_VERSION); |
92 | 99 | e = (char *)ext_acl + sizeof(ext3_acl_header); |
93 | 100 | for (n=0; n < acl->a_count; n++) { |
101 | + const struct posix_acl_entry *acl_e = &acl->a_entries[n]; | |
94 | 102 | ext3_acl_entry *entry = (ext3_acl_entry *)e; |
95 | - entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); | |
96 | - entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); | |
97 | - switch(acl->a_entries[n].e_tag) { | |
103 | + entry->e_tag = cpu_to_le16(acl_e->e_tag); | |
104 | + entry->e_perm = cpu_to_le16(acl_e->e_perm); | |
105 | + switch(acl_e->e_tag) { | |
98 | 106 | case ACL_USER: |
107 | + entry->e_id = cpu_to_le32( | |
108 | + from_kuid(&init_user_ns, acl_e->e_uid)); | |
109 | + e += sizeof(ext3_acl_entry); | |
110 | + break; | |
99 | 111 | case ACL_GROUP: |
100 | - entry->e_id = | |
101 | - cpu_to_le32(acl->a_entries[n].e_id); | |
112 | + entry->e_id = cpu_to_le32( | |
113 | + from_kgid(&init_user_ns, acl_e->e_gid)); | |
102 | 114 | e += sizeof(ext3_acl_entry); |
103 | 115 | break; |
104 | 116 |
fs/ext4/acl.c
... | ... | @@ -55,16 +55,23 @@ |
55 | 55 | case ACL_OTHER: |
56 | 56 | value = (char *)value + |
57 | 57 | sizeof(ext4_acl_entry_short); |
58 | - acl->a_entries[n].e_id = ACL_UNDEFINED_ID; | |
59 | 58 | break; |
60 | 59 | |
61 | 60 | case ACL_USER: |
61 | + value = (char *)value + sizeof(ext4_acl_entry); | |
62 | + if ((char *)value > end) | |
63 | + goto fail; | |
64 | + acl->a_entries[n].e_uid = | |
65 | + make_kuid(&init_user_ns, | |
66 | + le32_to_cpu(entry->e_id)); | |
67 | + break; | |
62 | 68 | case ACL_GROUP: |
63 | 69 | value = (char *)value + sizeof(ext4_acl_entry); |
64 | 70 | if ((char *)value > end) |
65 | 71 | goto fail; |
66 | - acl->a_entries[n].e_id = | |
67 | - le32_to_cpu(entry->e_id); | |
72 | + acl->a_entries[n].e_gid = | |
73 | + make_kgid(&init_user_ns, | |
74 | + le32_to_cpu(entry->e_id)); | |
68 | 75 | break; |
69 | 76 | |
70 | 77 | default: |
71 | 78 | |
72 | 79 | |
73 | 80 | |
... | ... | @@ -98,13 +105,19 @@ |
98 | 105 | ext_acl->a_version = cpu_to_le32(EXT4_ACL_VERSION); |
99 | 106 | e = (char *)ext_acl + sizeof(ext4_acl_header); |
100 | 107 | for (n = 0; n < acl->a_count; n++) { |
108 | + const struct posix_acl_entry *acl_e = &acl->a_entries[n]; | |
101 | 109 | ext4_acl_entry *entry = (ext4_acl_entry *)e; |
102 | - entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); | |
103 | - entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); | |
104 | - switch (acl->a_entries[n].e_tag) { | |
110 | + entry->e_tag = cpu_to_le16(acl_e->e_tag); | |
111 | + entry->e_perm = cpu_to_le16(acl_e->e_perm); | |
112 | + switch (acl_e->e_tag) { | |
105 | 113 | case ACL_USER: |
114 | + entry->e_id = cpu_to_le32( | |
115 | + from_kuid(&init_user_ns, acl_e->e_uid)); | |
116 | + e += sizeof(ext4_acl_entry); | |
117 | + break; | |
106 | 118 | case ACL_GROUP: |
107 | - entry->e_id = cpu_to_le32(acl->a_entries[n].e_id); | |
119 | + entry->e_id = cpu_to_le32( | |
120 | + from_kgid(&init_user_ns, acl_e->e_gid)); | |
108 | 121 | e += sizeof(ext4_acl_entry); |
109 | 122 | break; |
110 | 123 |