FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 08-07-2012, 03:51 PM
Stefan Bader
 
Default eCryptfs: Copy up POSIX ACL and read-only flags from lower mount

This one feels uncomfortable to ack. Minor nitpick the BugLink keyword is
missing. It does overall look similar to the upstream patch but applies to a
completely different function. I suppose it must be ok if Tyler did the backport
and hope testcases will prove its correctness...

On 07.08.2012 16:15, Tim Gardner wrote:
> From: Tyler Hicks <tyhicks@canonical.com>
>
> When the eCryptfs mount options do not include '-o acl', but the lower
> filesystem's mount options do include 'acl', the MS_POSIXACL flag is not
> flipped on in the eCryptfs super block flags. This flag is what the VFS
> checks in do_last() when deciding if the current umask should be applied
> to a newly created inode's mode or not. When a default POSIX ACL mask is
> set on a directory, the current umask is incorrectly applied to new
> inodes created in the directory. This patch ignores the MS_POSIXACL flag
> passed into ecryptfs_mount() and sets the flag on the eCryptfs super
> block depending on the flag's presence on the lower super block.
>
> Additionally, it is incorrect to allow a writeable eCryptfs mount on top
> of a read-only lower mount. This missing check did not allow writes to
> the read-only lower mount because permissions checks are still performed
> on the lower filesystem's objects but it is best to simply not allow a
> rw mount on top of ro mount. However, a ro eCryptfs mount on top of a rw
> mount is valid and still allowed.
>
> https://launchpad.net/bugs/1009207
>
> Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
> Reported-by: Stefan Beller <stefanbeller@googlemail.com>
> Cc: John Johansen <john.johansen@canonical.com>
> (back ported from commit 069ddcda37b2cf5bb4b6031a944c0e9359213262)
> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
> ---
> fs/ecryptfs/main.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index e2f18ad..783f7fc 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -589,6 +589,15 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name,
> }
>
> ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
> +
> + /**
> + * Set the POSIX ACL flag based on whether they're enabled in the lower
> + * mount. Force a read-only eCryptfs mount if the lower mount is ro.
> + * Allow a ro eCryptfs mount even when the lower mount is rw.
> + */
> + sb->s_flags &= ~MS_POSIXACL;
> + sb->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL);
> +
> sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
> sb->s_blocksize = path.dentry->d_sb->s_blocksize;
> ecryptfs_set_dentry_lower(sb->s_root, path.dentry);
>


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 06:06 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org