mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-01-20 21:50:41 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
89d2d9fbeadcbdbd6302d3d0cd6bfbe219d85b68
linux/fs
History
Jeff Layton d424797032 nfsd: inherit required unset default acls from effective set 
A well-formed NFSv4 ACL will always contain OWNER@/GROUP@/EVERYONE@
ACEs, but there is no requirement for inheritable entries for those
entities. POSIX ACLs must always have owner/group/other entries, even for a
default ACL.

nfsd builds the default ACL from inheritable ACEs, but the current code
just leaves any unspecified ACEs zeroed out. The result is that adding a
default user or group ACE to an inode can leave it with unwanted deny
entries.

For instance, a newly created directory with no acl will look something
like this:

	# NFSv4 translation by server
	A::OWNER@:rwaDxtTcCy
	A::GROUP@:rxtcy
	A::EVERYONE@:rxtcy

	# POSIX ACL of underlying file
	user::rwx
	group::r-x
	other::r-x

...if I then add new v4 ACE:

	nfs4_setfacl -a A:fd:1000:rwx /mnt/local/test

...I end up with a result like this today:

	user::rwx
	user:1000:rwx
	group::r-x
	mask::rwx
	other::r-x
	default:user::---
	default:user:1000:rwx
	default:group::---
	default😷:rwx
	default:other::---

	A::OWNER@:rwaDxtTcCy
	A::1000:rwaDxtcy
	A::GROUP@:rxtcy
	A::EVERYONE@:rxtcy
	D:fdi:OWNER@:rwaDx
	A:fdi:OWNER@:tTcCy
	A:fdi:1000:rwaDxtcy
	A:fdi:GROUP@:tcy
	A:fdi:EVERYONE@:tcy

...which is not at all expected. Adding a single inheritable allow ACE
should not result in everyone else losing access.

The setfacl command solves a silimar issue by copying owner/group/other
entries from the effective ACL when none of them are set:

    "If a Default ACL entry is created, and the  Default  ACL  contains  no
     owner,  owning group,  or  others  entry,  a  copy of the ACL owner,
     owning group, or others entry is added to the Default ACL.

Having nfsd do the same provides a more sane result (with no deny ACEs
in the resulting set):

	user::rwx
	user:1000:rwx
	group::r-x
	mask::rwx
	other::r-x
	default:user::rwx
	default:user:1000:rwx
	default:group::r-x
	default😷:rwx
	default:other::r-x

	A::OWNER@:rwaDxtTcCy
	A::1000:rwaDxtcy
	A::GROUP@:rxtcy
	A::EVERYONE@:rxtcy
	A:fdi:OWNER@:rwaDxtTcCy
	A:fdi:1000:rwaDxtcy
	A:fdi:GROUP@:rxtcy
	A:fdi:EVERYONE@:rxtcy

Reported-by: Ondrej Valousek <ondrej.valousek@diasemi.com>
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2136452
Suggested-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2023-08-29 17:45:22 -04:00
..
9p
fs/9p: Remove unused extern declaration
2023-07-20 19:21:48 +00:00
adfs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
affs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
afs
afs: Fix accidental truncation when storing data
2023-07-04 12:24:32 -07:00
autofs
arch/*/configs/*defconfig: Replace AUTOFS4_FS by AUTOFS_FS
2023-07-29 14:08:22 -07:00
befs
befs: Replace all non-returning strlcpy with strscpy
2023-05-30 16:42:00 -07:00
bfs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
btrfs
Merge tag 'for-6.5-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
2023-08-19 17:57:07 +02:00
cachefiles
Merge tag 'v6.5/vfs.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2023-06-26 10:14:36 -07:00
ceph
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
coda
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
configfs
fs: consolidate duplicate dt_type helpers
2023-04-03 09:23:54 +02:00
cramfs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
crypto
fscrypt: Replace 1-element array with flexible array
2023-05-23 19:46:09 -07:00
debugfs
debugfs: Correct the 'debugfs_create_str' docs
2023-05-31 19:02:14 +01:00
devpts
devpts: simplify two-level sysctl registration for pty_kern_table
2023-03-13 12:36:34 +01:00
dlm
Merge tag 'dlm-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm
2023-06-29 13:27:50 -07:00
ecryptfs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
efivarfs
efivarfs: expose used and total size
2023-05-17 18:21:34 +02:00
efs
erofs
erofs: drop unnecessary WARN_ON() in erofs_kill_sb()
2023-08-01 16:12:24 +08:00
exfat
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
exportfs
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
ext2
Merge tag 'fs_for_v6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2023-06-29 13:39:51 -07:00
ext4
ext4: fix rbtree traversal bug in ext4_mb_use_preallocated
2023-07-23 08:21:14 -04:00
f2fs
Merge tag 'f2fs-for-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
2023-07-05 14:14:37 -07:00
fat
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
freevxfs
Merge tag 'mm-nonmm-stable-2023-02-20-15-29' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2023-02-23 17:55:40 -08:00
fscache
fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()
2023-01-30 12:51:54 +00:00
fuse
Merge tag 'fuse-update-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2023-07-19 11:00:27 -07:00
gfs2
gfs2: Don't use filemap_splice_read
2023-08-07 18:42:04 +02:00
hfs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
hfsplus
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
hostfs
Merge tag 'landlock-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux
2023-06-27 17:10:27 -07:00
hpfs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
hugetlbfs
hugetlb: revert use of page_cache_next_miss()
2023-06-23 16:59:32 -07:00
iomap
iomap: micro optimize the ki_pos assignment in iomap_file_buffered_write
2023-07-17 08:49:57 -07:00
isofs
jbd2
jbd2: remove __journal_try_to_free_buffer()
2023-07-10 23:09:21 -04:00
jffs2
Merge tag 'for-6.5/splice-2023-06-23' of git://git.kernel.dk/linux
2023-06-26 11:52:12 -07:00
jfs
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
kernfs
Merge tag 'driver-core-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2023-07-03 12:56:23 -07:00
lockd
lockd: nlm_blocked list race fixes
2023-08-29 17:45:22 -04:00
minix
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
netfs
Move netfs_extract_iter_to_sg() to lib/scatterlist.c
2023-06-08 13:42:33 +02:00
nfs
Merge tag 'nfs-for-6.5-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
2023-08-22 10:50:17 -07:00
nfs_common
NFSv4.2: remove MODULE_LICENSE in non-modules
2023-04-13 13:13:52 -07:00
nfsd
nfsd: inherit required unset default acls from effective set
2023-08-29 17:45:22 -04:00
nilfs2
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
2023-08-21 13:07:21 -07:00
nls
fs/nls: make load_nls() take a const parameter
2023-07-25 00:30:02 -05:00
notify
fanotify: disallow mount/sb marks on kernel internal pseudo fs
2023-07-04 13:29:29 +02:00
ntfs
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
ntfs3
Merge tag 'ntfs3_for_6.5' of https://github.com/Paragon-Software-Group/linux-ntfs3
2023-07-07 14:59:38 -07:00
ocfs2
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
omfs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
openpromfs
orangefs
orangefs: Provide a splice-read wrapper
2023-05-24 08:42:16 -06:00
overlayfs
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
proc
Merge tag 'mm-hotfixes-stable-2023-08-25-11-07' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2023-08-25 11:44:43 -07:00
pstore
Merge tag 'pstore-v6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2023-06-27 21:21:32 -07:00
qnx4
qnx4: credit contributors in CREDITS
2023-03-14 12:56:30 -06:00
qnx6
qnx6: credit contributor and mark filesystem orphan
2023-03-14 12:56:30 -06:00
quota
quota: fix warning in dqgrab()
2023-06-05 16:50:30 +02:00
ramfs
Merge tag 'mm-stable-2023-06-24-19-15' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2023-06-28 10:28:11 -07:00
reiserfs
Merge tag 'mm-stable-2023-06-24-19-15' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2023-06-28 10:28:11 -07:00
romfs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
smb
smb: client: fix null auth
2023-08-16 00:26:07 -05:00
squashfs
squashfs: fix cache race with migration
2023-07-08 09:29:30 -07:00
sysfs
sysfs: Skip empty folders creation
2023-06-15 13:37:53 +02:00
sysv
Merge tag 'for-6.5/splice-2023-06-23' of git://git.kernel.dk/linux
2023-06-26 11:52:12 -07:00
tracefs
fs: port ->mkdir() to pass mnt_idmap
2023-01-19 09:24:26 +01:00
ubifs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
udf
Merge tag 'fs_for_v6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2023-06-29 13:39:51 -07:00
ufs
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
unicode
unicode: remove MODULE_LICENSE in non-modules
2023-04-13 13:13:54 -07:00
vboxsf
Merge tag 'hardening-v6.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2023-08-08 14:59:49 -07:00
verity
fsverity: improve documentation for builtin signature support
2023-06-20 22:47:55 -07:00
xfs
xfs: convert flex-array declarations in xfs attr shortform objects
2023-07-17 08:48:56 -07:00
zonefs
zonefs: fix synchronous direct writes to sequential files
2023-08-10 12:59:47 +09:00
aio.c
fs/aio: Stop allocating aio rings from HIGHMEM
2023-06-15 09:22:23 +02:00
anon_inodes.c
attr.c
nfs: use vfs setgid helper
2023-03-30 08:51:48 +02:00
bad_inode.c
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
binfmt_elf_fdpic.c
binfmt: Slightly simplify elf_fdpic_map_file()
2023-05-30 15:49:46 -07:00
binfmt_elf_test.c
binfmt_elf.c
Merge branch 'expand-stack'
2023-06-28 20:35:21 -07:00
binfmt_flat.c
binfmt_misc.c
binfmt_misc: fix shift-out-of-bounds in check_special_flags
2022-12-02 13:57:04 -08:00
binfmt_script.c
buffer.c
Merge tag 'fs_for_v6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2023-06-29 13:39:51 -07:00
char_dev.c
vfs: Replace all non-returning strlcpy with strscpy
2023-05-15 09:42:01 +02:00
compat_binfmt_elf.c
coredump.c
Merge tag 'v6.5/vfs.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2023-06-26 09:50:21 -07:00
d_path.c
fs: d_path: include internal.h
2023-05-17 09:16:59 +02:00
dax.c
dax: enable dax fault handler to report VM_FAULT_HWPOISON
2023-06-26 07:54:23 -06:00
dcache.c
direct-io.c
Merge tag 'mm-stable-2023-06-24-19-15' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2023-06-28 10:28:11 -07:00
drop_caches.c
eventfd.c
eventfd: show the EFD_SEMAPHORE flag in fdinfo
2023-06-15 09:22:23 +02:00
eventpoll.c
Merge tag 'v6.5/vfs.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2023-06-26 09:50:21 -07:00
exec.c
Merge tag 'fsnotify_for_v6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2023-06-29 13:31:44 -07:00
fcntl.c
Merge tag 'fs.idmapped.v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping
2023-02-20 11:53:11 -08:00
fhandle.c
fsnotify: move fsnotify_open() hook into do_dentry_open()
2023-06-12 10:43:45 +02:00
file_table.c
fs: move cleanup from init_file() into its callers
2023-07-02 13:15:49 +02:00
file.c
fs: rely on ->iterate_shared to determine f_pos locking
2023-08-06 15:08:36 +02:00
filesystems.c
fs_context.c
fs: avoid empty option when generating legacy mount string
2023-06-07 21:49:55 +02:00
fs_parser.c
ext4: journal_path mount options should follow links
2022-12-01 10:46:54 -05:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
writeback: move wb_over_bg_thresh() call outside lock section
2023-06-09 16:25:14 -07:00
fsopen.c
init.c
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
inode.c
locking: remove spin_lock_prefetch
2023-08-12 09:18:47 -07:00
internal.h
Merge tag 'v6.5/vfs.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2023-06-26 10:14:36 -07:00
ioctl.c
fs: port inode_owner_or_capable() to mnt_idmap
2023-01-19 09:24:29 +01:00
Kconfig
smb: move client and server files to common directory fs/smb
2023-05-24 16:29:21 -05:00
Kconfig.binfmt
kernel_read_file.c
libfs.c
fs: factor out a direct_write_fallback helper
2023-06-09 16:25:53 -07:00
locks.c
locks: allow support for write delegation
2023-08-29 17:45:22 -04:00
Makefile
Merge tag 'for-6.5/block-2023-06-23' of git://git.kernel.dk/linux
2023-06-26 12:47:20 -07:00
mbcache.c
ext4: fix deadlock due to mbcache entry corruption
2022-12-08 21:49:25 -05:00
mnt_idmapping.c
fs: move mnt_idmap
2023-01-19 09:24:30 +01:00
mount.h
mpage.c
mpage: use folios in bio end_io handler
2023-04-18 16:30:02 -07:00
namei.c
fs: no need to check source
2023-07-04 10:20:29 +02:00
namespace.c
Merge tag 'v6.5/vfs.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2023-06-26 10:27:04 -07:00
nsfs.c
kill the last remaining user of proc_ns_fget()
2023-04-20 22:55:35 -04:00
open.c
open: make RESOLVE_CACHED correctly test for O_TMPFILE
2023-08-06 15:08:35 +02:00
pipe.c
pipe: check for IOCB_NOWAIT alongside O_NONBLOCK
2023-05-12 17:17:27 +02:00
pnode.c
fs: allow to mount beneath top mount
2023-05-19 04:30:22 +02:00
pnode.h
fs: allow to mount beneath top mount
2023-05-19 04:30:22 +02:00
posix_acl.c
acl: don't depend on IOP_XATTR
2023-03-06 09:59:20 +01:00
proc_namespace.c
tty, proc, kernfs, random: Use copy_splice_read()
2023-05-24 08:42:16 -06:00
read_write.c
splice: Use filemap_splice_read() instead of generic_file_splice_read()
2023-05-24 08:42:17 -06:00
readdir.c
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
remap_range.c
fs: use UB-safe check for signed addition overflow in remap_verify_area
2023-05-24 11:03:59 +02:00
select.c
seq_file.c
use less confusing names for iov_iter direction initializers
2022-11-25 13:01:55 -05:00
signalfd.c
splice.c
splice, net: Fix splice_to_socket() for O_NONBLOCK socket
2023-07-26 21:56:06 -07:00
stack.c
stat.c
Merge tag 'fs.idmapped.v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping
2023-02-20 11:53:11 -08:00
statfs.c
statfs: enforce statfs[64] structure initialization
2023-05-17 15:20:17 +02:00
super.c
Merge tag 'fs_for_v6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2023-06-29 13:39:51 -07:00
sync.c
sysctls.c
sysctl: Refactor base paths registrations
2023-05-23 21:43:26 -07:00
timerfd.c
userfaultfd.c
Merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes.
2023-06-23 16:58:19 -07:00
utimes.c
Merge tag 'fs.idmapped.v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping
2023-02-20 11:53:11 -08:00
xattr.c
fs: don't call posix_acl_listxattr in generic_listxattr
2023-05-17 15:25:20 +02:00