Joel Becker wrote:
Here's v4 of reflink(). If you have the privileges, you get the full snapshot. If you don't, you must have read access, and then you get the entire snapshot (data and extended attributes) except that the security context is reinitialized. That's it. It fits with most of the other ops, and it's a clean degradation.
I really like this. It has a nice clean user operational definition and gives them all the snap/cowfile features. And if they had the privilege to do the reflink(), they can just chattr away :) jim
+ /* + * If the caller has the rights, reflink() will preserve the + * security context of the source inode. + */ + if ((current_fsuid() != inode->i_uid) && !capable(CAP_CHOWN)) + preserve_security = 0; + if ((current_fsuid() != inode->i_uid) && + !in_group_p(inode->i_gid) && !capable(CAP_CHOWN)) + preserve_security = 0;
I have not done a code review, but that appears to be an editing cut-and-past duplication. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html