From: Andreas Gruenbacher <agruen@xxxxxxxxxx>
Acked-by: J. Bruce Fields <bfields@xxxxxxxxxx>
Acked-by: David Howells <dhowells@xxxxxxxxxx>
Signed-off-by: Andreas Gruenbacher <agruen@xxxxxxxxxx>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxxxxxxxxxx>
---
fs/namei.c | 14 ++++++++++++++
1 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index de8c7d3..2685e04 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -230,6 +230,20 @@ static int acl_permission_check(struct inode *inode, int mask)
if (current_user_ns() != inode_userns(inode))
goto other_perms;
+ if (IS_RICHACL(inode)) {
+ int error = check_acl(inode, mask);
+ if (error != -EAGAIN)
+ return error;
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /*
+ * The file permission bit cannot grant these
+ * permissions.
+ */
+ return -EACCES;
+ }
+ }
+
if (likely(current_fsuid() == inode->i_uid))
mode >>= 6;
else {
--
1.7.5.4
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
