diff options
| author | Christoph Hellwig <hch@infradead.org> | 2008-02-04 20:13:24 -0500 |
|---|---|---|
| committer | Lachlan McIlroy <lachlan@redback.melbourne.sgi.com> | 2008-02-07 02:22:38 -0500 |
| commit | 4576758db5817a91b8974c696247d459dc653db2 (patch) | |
| tree | 43b5b471510f0981ea2dc668ca7591a75831f111 /fs/xfs/xfs_acl.c | |
| parent | f6aa7f2184330262e1cb5f7802536e5346bd46a3 (diff) | |
[XFS] use generic_permission
Now that all direct caller of xfs_iaccess are gone we can kill xfs_iaccess
and xfs_access and just use generic_permission with a check_acl callback.
This is required for the per-mount read-only patchset in -mm to work
properly with XFS.
SGI-PV: 971186
SGI-Modid: xfs-linux-melb:xfs-kern:30370a
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Diffstat (limited to 'fs/xfs/xfs_acl.c')
| -rw-r--r-- | fs/xfs/xfs_acl.c | 30 |
1 files changed, 2 insertions, 28 deletions
diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c index 5bfb66f33caf..7272fe39a92d 100644 --- a/fs/xfs/xfs_acl.c +++ b/fs/xfs/xfs_acl.c | |||
| @@ -392,32 +392,6 @@ xfs_acl_allow_set( | |||
| 392 | } | 392 | } |
| 393 | 393 | ||
| 394 | /* | 394 | /* |
| 395 | * The access control process to determine the access permission: | ||
| 396 | * if uid == file owner id, use the file owner bits. | ||
| 397 | * if gid == file owner group id, use the file group bits. | ||
| 398 | * scan ACL for a matching user or group, and use matched entry | ||
| 399 | * permission. Use total permissions of all matching group entries, | ||
| 400 | * until all acl entries are exhausted. The final permission produced | ||
| 401 | * by matching acl entry or entries needs to be & with group permission. | ||
| 402 | * if not owner, owning group, or matching entry in ACL, use file | ||
| 403 | * other bits. | ||
| 404 | */ | ||
| 405 | STATIC int | ||
| 406 | xfs_acl_capability_check( | ||
| 407 | mode_t mode, | ||
| 408 | cred_t *cr) | ||
| 409 | { | ||
| 410 | if ((mode & ACL_READ) && !capable_cred(cr, CAP_DAC_READ_SEARCH)) | ||
| 411 | return EACCES; | ||
| 412 | if ((mode & ACL_WRITE) && !capable_cred(cr, CAP_DAC_OVERRIDE)) | ||
| 413 | return EACCES; | ||
| 414 | if ((mode & ACL_EXECUTE) && !capable_cred(cr, CAP_DAC_OVERRIDE)) | ||
| 415 | return EACCES; | ||
| 416 | |||
| 417 | return 0; | ||
| 418 | } | ||
| 419 | |||
| 420 | /* | ||
| 421 | * Note: cr is only used here for the capability check if the ACL test fails. | 395 | * Note: cr is only used here for the capability check if the ACL test fails. |
| 422 | * It is not used to find out the credentials uid or groups etc, as was | 396 | * It is not used to find out the credentials uid or groups etc, as was |
| 423 | * done in IRIX. It is assumed that the uid and groups for the current | 397 | * done in IRIX. It is assumed that the uid and groups for the current |
| @@ -438,7 +412,6 @@ xfs_acl_access( | |||
| 438 | 412 | ||
| 439 | matched.ae_tag = 0; /* Invalid type */ | 413 | matched.ae_tag = 0; /* Invalid type */ |
| 440 | matched.ae_perm = 0; | 414 | matched.ae_perm = 0; |
| 441 | md >>= 6; /* Normalize the bits for comparison */ | ||
| 442 | 415 | ||
| 443 | for (i = 0; i < fap->acl_cnt; i++) { | 416 | for (i = 0; i < fap->acl_cnt; i++) { |
| 444 | /* | 417 | /* |
| @@ -520,7 +493,8 @@ xfs_acl_access( | |||
| 520 | break; | 493 | break; |
| 521 | } | 494 | } |
| 522 | 495 | ||
| 523 | return xfs_acl_capability_check(md, cr); | 496 | /* EACCES tells generic_permission to check for capability overrides */ |
| 497 | return EACCES; | ||
| 524 | } | 498 | } |
| 525 | 499 | ||
| 526 | /* | 500 | /* |