Re: [PATCH 1/3] VFS: introduce MAY_ACT_AS_OWNER

From: David Howells
Date: Thu Oct 04 2018 - 10:10:25 EST

Next message: Richard Weinberger: "Re: [PATCH] kernel/sysctl.c: remove duplicated include"
Previous message: Janusz Krzysztofik: "Re: [RFC PATCH] mtd: rawnand: ams-delta: use ->exec_op()"
In reply to: NeilBrown: "[PATCH 3/3] NFSD - Use MAY_ACT_AS_OWNER"
Next in thread: Jan Harkes: "Re: [PATCH 1/3] VFS: introduce MAY_ACT_AS_OWNER"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

NeilBrown <neilb@xxxxxxxx> wrote:

> diff --git a/fs/afs/security.c b/fs/afs/security.c
> index 81dfedb7879f..ac2e39de8bff 100644
> --- a/fs/afs/security.c
> +++ b/fs/afs/security.c
> @@ -349,6 +349,16 @@ int afs_permission(struct inode *inode, int mask)
> if (mask & MAY_NOT_BLOCK)
> return -ECHILD;
>
> + /* Short-circuit for owner */
> + if (mask & MAY_ACT_AS_OWNER) {
> + if (inode_owner_or_capable(inode))

You don't know that inode->i_uid in meaningful. You may have noticed that
afs_permission() ignores i_uid and i_gid entirely. It queries the server (if
this information is not otherwise cached) to ask what permits the user is
granted - where the user identity is defined by the key returned from
afs_request_key()[*].

So, NAK for the afs piece.

David

[*] If there's no appropriate key, anonymous permits will be used.

Next message: Richard Weinberger: "Re: [PATCH] kernel/sysctl.c: remove duplicated include"
Previous message: Janusz Krzysztofik: "Re: [RFC PATCH] mtd: rawnand: ams-delta: use ->exec_op()"
In reply to: NeilBrown: "[PATCH 3/3] NFSD - Use MAY_ACT_AS_OWNER"
Next in thread: Jan Harkes: "Re: [PATCH 1/3] VFS: introduce MAY_ACT_AS_OWNER"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]