From: Andreas Gruenbacher <agruen@xxxxxxxxxx> When IS_POSIXACL() is true, the vfs does not apply the umask. Other acl models will need the same exception, so introduce a separate IS_ACL() test. The IS_POSIX_ACL() test is still needed so that nfsd can determine when the underlying file system supports POSIX ACLs (as opposed to some other kind). Signed-off-by: Andreas Gruenbacher <agruen@xxxxxxxxxx> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxxxxxxxxxx> --- fs/namei.c | 8 ++++---- include/linux/fs.h | 6 ++++++ include/uapi/linux/fs.h | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index c6157c894fce..c7fee619691f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2650,7 +2650,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, } mode = op->mode; - if ((open_flag & O_CREAT) && !IS_POSIXACL(dir)) + if ((open_flag & O_CREAT) && !IS_ACL(dir)) mode &= ~current_umask(); excl = (open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT); @@ -2834,7 +2834,7 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; - if (!IS_POSIXACL(dir->d_inode)) + if (!IS_ACL(dir->d_inode)) mode &= ~current_umask(); /* * This write is needed to ensure that a @@ -3422,7 +3422,7 @@ retry: if (IS_ERR(dentry)) return PTR_ERR(dentry); - if (!IS_POSIXACL(path.dentry->d_inode)) + if (!IS_ACL(path.dentry->d_inode)) mode &= ~current_umask(); error = security_path_mknod(&path, dentry, mode, dev); if (error) @@ -3491,7 +3491,7 @@ retry: if (IS_ERR(dentry)) return PTR_ERR(dentry); - if (!IS_POSIXACL(path.dentry->d_inode)) + if (!IS_ACL(path.dentry->d_inode)) mode &= ~current_umask(); error = security_path_mkdir(&path, dentry, mode); if (!error) diff --git a/include/linux/fs.h b/include/linux/fs.h index 7a9c5bca2b76..9fb63b71a014 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1611,6 +1611,12 @@ struct super_operations { #define IS_NOSEC(inode) ((inode)->i_flags & S_NOSEC) /* + * IS_ACL() tells the VFS to not apply the umask + * and use check_acl for acl permission checks when defined. + */ +#define IS_ACL(inode) __IS_FLG(inode, MS_POSIXACL) + +/* * Inode state bits. Protected by inode->i_lock * * Three bits determine the dirty state of the inode, I_DIRTY_SYNC, diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index ca1a11bb4443..1e14b9c82703 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -80,7 +80,7 @@ struct inodes_stat_t { #define MS_VERBOSE 32768 /* War is peace. Verbosity is silence. MS_VERBOSE is deprecated. */ #define MS_SILENT 32768 -#define MS_POSIXACL (1<<16) /* VFS does not apply the umask */ +#define MS_POSIXACL (1<<16) /* Supports POSIX ACLs */ #define MS_UNBINDABLE (1<<17) /* change to unbindable */ #define MS_PRIVATE (1<<18) /* change to private */ #define MS_SLAVE (1<<19) /* change to slave */ -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html