summaryrefslogtreecommitdiff
path: root/fs/mpage.c
diff options
context:
space:
mode:
authorAndreas Gruenbacher <agruen@linbit.com>2014-01-23 23:56:15 (GMT)
committerLinus Torvalds <torvalds@linux-foundation.org>2014-01-24 00:37:04 (GMT)
commit949b9c3d4263c9b7c2448588afce37becd58e1ad (patch)
tree9db6da020bb289372cd001a816768f2ececfffc0 /fs/mpage.c
parente376ed7c85fe102ff63db2eb8a0c5595f68151fa (diff)
downloadlinux-949b9c3d4263c9b7c2448588afce37becd58e1ad.tar.xz
userns: relax the posix_acl_valid() checks
So far, POSIX ACLs are using a canonical representation that keeps all ACL entries in a strict order; the ACL_USER and ACL_GROUP entries for specific users and groups are ordered by user and group identifier, respectively. The user-space code provides ACL entries in this order; the kernel verifies that the ACL entry order is correct in posix_acl_valid(). User namespaces allow to arbitrary map user and group identifiers which can cause the ACL_USER and ACL_GROUP entry order to differ between user space and the kernel; posix_acl_valid() would then fail. Work around this by allowing ACL_USER and ACL_GROUP entries to be in any order in the kernel. The effect is only minor: file permission checks will pick the first matching ACL_USER entry, and check all matching ACL_GROUP entries. (The libacl user-space library and getfacl / setfacl tools will not create ACLs with duplicate user or group idenfifiers; they will handle ACLs with entries in an arbitrary order correctly.) Signed-off-by: Andreas Gruenbacher <agruen@linbit.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Theodore Tso <tytso@mit.edu> Cc: Christoph Hellwig <hch@infradead.org> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Jan Kara <jack@suse.cz> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/mpage.c')
0 files changed, 0 insertions, 0 deletions