This allows for users of kernfs to create custom (and possibly less restrictive) permission checks for kernfs_nodes. The default is unchanged. This patch is part of the cgroupns unprivileged subtree management patchset.
Cc: dev@xxxxxxxxxxxxxxxxxx
Signed-off-by: Aleksa Sarai <asarai@xxxxxxx>
---
 fs/kernfs/inode.c | 13 ++++++++++++-
 include/linux/kernfs.h | 3 +++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c
index 63b925d5ba1e..e82b8e5aa643 100644
--- a/fs/kernfs/inode.c
+++ b/fs/kernfs/inode.c
@@ -364,15 +364,26 @@ void kernfs_evict_inode(struct inode *inode)
 int kernfs_iop_permission(struct inode *inode, int mask)
 {
 struct kernfs_node *kn;
+ struct kernfs_syscall_ops *scops;
+ int ret;
 if (mask & MAY_NOT_BLOCK)
 return -ECHILD;
 kn = inode->i_private;
+ if (!kernfs_get_active(kn))
+ return -ENODEV;
 mutex_lock(&kernfs_mutex);
 kernfs_refresh_inode(kn, inode);
 mutex_unlock(&kernfs_mutex);
- return generic_permission(inode, mask);
+ scops = kernfs_root(kn)->syscall_ops;
+ if (unlikely(scops && scops->permission))
+ ret = scops->permission(inode, kn, mask);
+ else
+ ret = generic_permission(inode, mask);
+
+ kernfs_put_active(kn);
+ return ret;
 }
diff --git a/include/linux/kernfs.h b/include/linux/kernfs.h
index 96356ef012de..373b5a888a81 100644
--- a/include/linux/kernfs.h
+++ b/include/linux/kernfs.h
@@ -16,6 +16,7 @@
 #include <linux/rbtree.h>
 #include <linux/atomic.h>
 #include <linux/wait.h>
+#include <linux/fs.h>
 struct file;
 struct dentry;
@@ -154,6 +155,8 @@ struct kernfs_syscall_ops {
 const char *new_name);
 int (*show_path)(struct seq_file *sf, struct kernfs_node *kn,
 struct kernfs_root *root);
+ int (*permission)(struct inode *inode, struct kernfs_node *kn,
+ int mask);
 };
 struct kernfs_root {
--
2.9.0
--
To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
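Review bot: The `kernfs_get_active(kn)` guard added ahead of `mutex_lock()` in kernfs_iop_permission() applies to every kernfs root, not only to roots that install a `permission` hook, so a deactivated node now returns `-ENODEV` where it previously reached `generic_permission()`; that does not match the description's statement that the default is unchanged. Because the permission op runs on each path component, this is visible to all kernfs users while a node is being removed, and it should either be called out in the changelog or avoided by taking the active reference only on the hook path, as sketched below. The sketch assumes `kernfs_root(kn)` is safe without an active reference because the inode keeps `kn` alive; that needs confirming against the rest of fs/kernfs, which is not visible in this hunk.

```c
	/* … unchanged: MAY_NOT_BLOCK check, kn lookup, kernfs_refresh_inode() under kernfs_mutex … */

	scops = kernfs_root(kn)->syscall_ops;
	if (likely(!scops || !scops->permission))
		return generic_permission(inode, mask);

	/* Pin the node only while the custom hook runs. */
	if (!kernfs_get_active(kn))
		return -ENODEV;
	ret = scops->permission(inode, kn, mask);
	kernfs_put_active(kn);
	return ret;
```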
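Review bot: The new `permission` member of `struct kernfs_syscall_ops` has no comment stating its contract, and since kernfs_iop_permission() calls it instead of `generic_permission()`, an implementation that does not chain to the generic check drops the mode-bit and capability checks for every node under that root. I would add above the member: `/* Replaces generic_permission(); called with an active ref on @kn and without kernfs_mutex held. Return 0 or -errno, and call generic_permission() for any access not explicitly allowed. */`. The struct definition begins outside this hunk, so any existing per-member documentation convention there should be followed.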