2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-18 18:23:53 +08:00
linux-next/fs/fuse/acl.c
Vivek Goyal 550a7d3bc0 fuse: add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID
When posix access ACL is set, it can have an effect on file mode and it can
also need to clear SGID if.

- None of caller's group/supplementary groups match file owner group.
AND
- Caller is not priviliged (No CAP_FSETID).

As of now fuser server is responsible for changing the file mode as
well. But it does not know whether to clear SGID or not.

So add a flag FUSE_SETXATTR_ACL_KILL_SGID and send this info with SETXATTR
to let file server know that sgid needs to be cleared as well.

Reported-by: Luis Henriques <lhenriques@suse.de>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2021-04-14 10:40:57 +02:00

112 lines
2.6 KiB
C

/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2016 Canonical Ltd. <seth.forshee@canonical.com>
*
* This program can be distributed under the terms of the GNU GPL.
* See the file COPYING.
*/
#include "fuse_i.h"
#include <linux/posix_acl.h>
#include <linux/posix_acl_xattr.h>
struct posix_acl *fuse_get_acl(struct inode *inode, int type)
{
struct fuse_conn *fc = get_fuse_conn(inode);
int size;
const char *name;
void *value = NULL;
struct posix_acl *acl;
if (fuse_is_bad(inode))
return ERR_PTR(-EIO);
if (!fc->posix_acl || fc->no_getxattr)
return NULL;
if (type == ACL_TYPE_ACCESS)
name = XATTR_NAME_POSIX_ACL_ACCESS;
else if (type == ACL_TYPE_DEFAULT)
name = XATTR_NAME_POSIX_ACL_DEFAULT;
else
return ERR_PTR(-EOPNOTSUPP);
value = kmalloc(PAGE_SIZE, GFP_KERNEL);
if (!value)
return ERR_PTR(-ENOMEM);
size = fuse_getxattr(inode, name, value, PAGE_SIZE);
if (size > 0)
acl = posix_acl_from_xattr(fc->user_ns, value, size);
else if ((size == 0) || (size == -ENODATA) ||
(size == -EOPNOTSUPP && fc->no_getxattr))
acl = NULL;
else if (size == -ERANGE)
acl = ERR_PTR(-E2BIG);
else
acl = ERR_PTR(size);
kfree(value);
return acl;
}
int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
struct posix_acl *acl, int type)
{
struct fuse_conn *fc = get_fuse_conn(inode);
const char *name;
int ret;
if (fuse_is_bad(inode))
return -EIO;
if (!fc->posix_acl || fc->no_setxattr)
return -EOPNOTSUPP;
if (type == ACL_TYPE_ACCESS)
name = XATTR_NAME_POSIX_ACL_ACCESS;
else if (type == ACL_TYPE_DEFAULT)
name = XATTR_NAME_POSIX_ACL_DEFAULT;
else
return -EINVAL;
if (acl) {
unsigned int extra_flags = 0;
/*
* Fuse userspace is responsible for updating access
* permissions in the inode, if needed. fuse_setxattr
* invalidates the inode attributes, which will force
* them to be refreshed the next time they are used,
* and it also updates i_ctime.
*/
size_t size = posix_acl_xattr_size(acl->a_count);
void *value;
if (size > PAGE_SIZE)
return -E2BIG;
value = kmalloc(size, GFP_KERNEL);
if (!value)
return -ENOMEM;
ret = posix_acl_to_xattr(fc->user_ns, acl, value, size);
if (ret < 0) {
kfree(value);
return ret;
}
if (!in_group_p(i_gid_into_mnt(&init_user_ns, inode)) &&
!capable_wrt_inode_uidgid(&init_user_ns, inode, CAP_FSETID))
extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID;
ret = fuse_setxattr(inode, name, value, size, 0, extra_flags);
kfree(value);
} else {
ret = fuse_removexattr(inode, name);
}
forget_all_cached_acls(inode);
fuse_invalidate_attr(inode);
return ret;
}