The patch titled
knfsd: nfsd: enforce per-flavor id squashing
has been removed from the -mm tree. Its filename was
knfsd-nfsd-enforce-per-flavor-id-squashing.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
Subject: knfsd: nfsd: enforce per-flavor id squashing
From: J. Bruce Fields <bfields@xxxxxxxxxxxxxx>
Allow root squashing to vary per-pseudoflavor, so that you can (for example)
allow root access only when sufficiently strong security is in use.
Signed-off-by: "J. Bruce Fields" <bfields@xxxxxxxxxxxxxx>
Signed-off-by: Neil Brown <neilb@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
fs/nfsd/auth.c | 18 ++++++++++++++++--
include/linux/nfsd/export.h | 3 ++-
2 files changed, 18 insertions(+), 3 deletions(-)
diff -puN fs/nfsd/auth.c~knfsd-nfsd-enforce-per-flavor-id-squashing fs/nfsd/auth.c
--- a/fs/nfsd/auth.c~knfsd-nfsd-enforce-per-flavor-id-squashing
+++ a/fs/nfsd/auth.c
@@ -12,17 +12,31 @@
#define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
+static int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
+{
+ struct exp_flavor_info *f;
+ struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
+
+ for (f = exp->ex_flavors; f < end; f++) {
+ if (f->pseudoflavor == rqstp->rq_flavor)
+ return f->flags;
+ }
+ return exp->ex_flags;
+
+}
+
int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
{
struct svc_cred cred = rqstp->rq_cred;
int i;
+ int flags = nfsexp_flags(rqstp, exp);
int ret;
- if (exp->ex_flags & NFSEXP_ALLSQUASH) {
+ if (flags & NFSEXP_ALLSQUASH) {
cred.cr_uid = exp->ex_anon_uid;
cred.cr_gid = exp->ex_anon_gid;
cred.cr_group_info = groups_alloc(0);
- } else if (exp->ex_flags & NFSEXP_ROOTSQUASH) {
+ } else if (flags & NFSEXP_ROOTSQUASH) {
struct group_info *gi;
if (!cred.cr_uid)
cred.cr_uid = exp->ex_anon_uid;
diff -puN include/linux/nfsd/export.h~knfsd-nfsd-enforce-per-flavor-id-squashing include/linux/nfsd/export.h
--- a/include/linux/nfsd/export.h~knfsd-nfsd-enforce-per-flavor-id-squashing
+++ a/include/linux/nfsd/export.h
@@ -43,7 +43,8 @@
#define NFSEXP_ALLFLAGS 0xFE3F
/* The flags that may vary depending on security flavor: */
-#define NFSEXP_SECINFO_FLAGS 0
+#define NFSEXP_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \
+ | NFSEXP_ALLSQUASH)
#ifdef __KERNEL__
_
Patches currently in -mm which might be from bfields@xxxxxxxxxxxxxx are
origin.patch
auth_gss-unregister-gss_domain-when-unloading-module.patch
git-vfs-lease-api.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
