[Ocfs2-devel] [PATCH 3/3] ocfs2: Add posix ACL support in ocfs2 v1

Mark Fasheh mfasheh at suse.com
Tue Sep 23 00:11:18 PDT 2008 

On Fri, Sep 19, 2008 at 05:43:01PM +0800, Tiger Yang wrote:
> diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
> index edcdd39..96a53eb 100644
> --- a/fs/ocfs2/file.c
> +++ b/fs/ocfs2/file.c
> @@ -56,6 +56,7 @@
>  #include "suballoc.h"
>  #include "super.h"
>  #include "xattr.h"
> +#include "acl.h"
>  
>  #include "buffer_head_io.h"
>  
> @@ -1031,7 +1032,7 @@ int ocfs2_permission(struct inode *inode, int mask, struct nameidata *nd)
>  		goto out;
>  	}
>  
> -	ret = generic_permission(inode, mask, NULL);
> +	ret = generic_permission(inode, mask, ocfs2_check_acl);
>  
>  	ocfs2_inode_unlock(inode, 0);
>  out:

I think we also need some acl-specific handling of chmod in ocfs2_setattr.
See ext3_acl_chmod, where it's called and what it does.


> diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
> index 76d1d13..9f8f313 100644
> --- a/fs/ocfs2/namei.c
> +++ b/fs/ocfs2/namei.c
> @@ -61,6 +61,7 @@
>  #include "sysfile.h"
>  #include "uptodate.h"
>  #include "xattr.h"
> +#include "acl.h"
>  
>  #include "buffer_head_io.h"
>  
> @@ -328,6 +329,8 @@ leave:
>  	if (status == -ENOSPC)
>  		mlog(0, "Disk is full\n");
>  
> +	status = ocfs2_init_acl(inode, dir);

Err, this is a pretty bad place for a call which must do work only if we're
succesfull in creating the inode. A better place would be a few lines up,
maybe even just before the call to 'ocfs2_add_entry()', so that an acl
failure won't result in a non-acl-copied inode which is accessible from a
directory.
	

> +
>  	if (new_fe_bh)
>  		brelse(new_fe_bh);
>  
> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
> index d57cfae..1daff4f 100644
> --- a/fs/ocfs2/xattr.c
> +++ b/fs/ocfs2/xattr.c
> @@ -76,10 +76,8 @@ static struct ocfs2_xattr_def_value_root def_xv = {
>  
>  struct xattr_handler *ocfs2_xattr_handlers[] = {
>  	&ocfs2_xattr_user_handler,
> -#ifdef CONFIG_OCFS2_FS_POSIX_ACL
>  	&ocfs2_xattr_acl_access_handler,
>  	&ocfs2_xattr_acl_default_handler,
> -#endif
>  	&ocfs2_xattr_trusted_handler,
>  	&ocfs2_xattr_security_handler,
>  	NULL
> @@ -87,12 +85,10 @@ struct xattr_handler *ocfs2_xattr_handlers[] = {
>  
>  static struct xattr_handler *ocfs2_xattr_handler_map[] = {
>  	[OCFS2_XATTR_INDEX_USER]	= &ocfs2_xattr_user_handler,
> -#ifdef CONFIG_OCFS2_FS_POSIX_ACL
>  	[OCFS2_XATTR_INDEX_POSIX_ACL_ACCESS]
>  					= &ocfs2_xattr_acl_access_handler,
>  	[OCFS2_XATTR_INDEX_POSIX_ACL_DEFAULT]
>  					= &ocfs2_xattr_acl_default_handler,
> -#endif
>  	[OCFS2_XATTR_INDEX_TRUSTED]	= &ocfs2_xattr_trusted_handler,
>  	[OCFS2_XATTR_INDEX_SECURITY]	= &ocfs2_xattr_security_handler,
>  };

Same as before about the #ifdef's, and adding a proper Kconfig item for
this.
	--Mark

--
Mark Fasheh

More information about the Ocfs2-devel mailing list