mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2026-05-22 10:37:35 +03:00
Posix ACL Support
This change adds support for Posix ACLs by storing them as an xattr which is common practice for many Linux file systems. Since the Posix ACL is stored as an xattr it will not overwrite any existing ZFS/NFSv4 ACLs which may have been set. The Posix ACL will also be non-functional on other platforms although it may be visible as an xattr if that platform understands SA based xattrs. By default Posix ACLs are disabled but they may be enabled with the new 'aclmode=noacl|posixacl' property. Set the property to 'posixacl' to enable them. If ZFS/NFSv4 ACL support is ever added an appropriate acltype will be added. This change passes the POSIX Test Suite cleanly with the exception of xacl/00.t test 45 which is incorrect for Linux (Ext4 fails too). http://www.tuxera.com/community/posix-test-suite/ Signed-off-by: Massimo Maggi <me@massimo-maggi.eu> Signed-off-by: Richard Yao <ryao@gentoo.org> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #170
This commit is contained in:
Massimo Maggi
committed by
Brian Behlendorf
Brian Behlendorf
parent
7c2448a33e
commit
023699cd62
+34
-6
@@ -102,8 +102,8 @@ zpl_create(struct inode *dir, struct dentry *dentry, zpl_umode_t mode,
|
||||
|
||||
error = -zfs_create(dir, dname(dentry), vap, 0, mode, &ip, cr, 0, NULL);
|
||||
if (error == 0) {
|
||||
error = zpl_xattr_security_init(ip, dir, &dentry->d_name);
|
||||
VERIFY3S(error, ==, 0);
|
||||
VERIFY0(zpl_xattr_security_init(ip, dir, &dentry->d_name));
|
||||
VERIFY0(zpl_init_acl(ip, dir));
|
||||
d_instantiate(dentry, ip);
|
||||
}
|
||||
|
||||
@@ -136,8 +136,10 @@ zpl_mknod(struct inode *dir, struct dentry *dentry, zpl_umode_t mode,
|
||||
vap->va_rdev = rdev;
|
||||
|
||||
error = -zfs_create(dir, dname(dentry), vap, 0, mode, &ip, cr, 0, NULL);
|
||||
if (error == 0)
|
||||
if (error == 0) {
|
||||
VERIFY0(zpl_init_acl(ip, dir));
|
||||
d_instantiate(dentry, ip);
|
||||
}
|
||||
|
||||
kmem_free(vap, sizeof(vattr_t));
|
||||
crfree(cr);
|
||||
@@ -173,8 +175,10 @@ zpl_mkdir(struct inode *dir, struct dentry *dentry, zpl_umode_t mode)
|
||||
zpl_vap_init(vap, dir, mode | S_IFDIR, cr);
|
||||
|
||||
error = -zfs_mkdir(dir, dname(dentry), vap, &ip, cr, 0, NULL);
|
||||
if (error == 0)
|
||||
if (error == 0) {
|
||||
VERIFY0(zpl_init_acl(ip, dir));
|
||||
d_instantiate(dentry, ip);
|
||||
}
|
||||
|
||||
kmem_free(vap, sizeof(vattr_t));
|
||||
crfree(cr);
|
||||
@@ -223,11 +227,12 @@ zpl_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
|
||||
static int
|
||||
zpl_setattr(struct dentry *dentry, struct iattr *ia)
|
||||
{
|
||||
struct inode *ip = dentry->d_inode;
|
||||
cred_t *cr = CRED();
|
||||
vattr_t *vap;
|
||||
int error;
|
||||
|
||||
error = inode_change_ok(dentry->d_inode, ia);
|
||||
error = inode_change_ok(ip, ia);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
@@ -242,7 +247,9 @@ zpl_setattr(struct dentry *dentry, struct iattr *ia)
|
||||
vap->va_mtime = ia->ia_mtime;
|
||||
vap->va_ctime = ia->ia_ctime;
|
||||
|
||||
error = -zfs_setattr(dentry->d_inode, vap, 0, cr);
|
||||
error = -zfs_setattr(ip, vap, 0, cr);
|
||||
if (!error && (ia->ia_valid & ATTR_MODE))
|
||||
error = zpl_chmod_acl(ip);
|
||||
|
||||
kmem_free(vap, sizeof(vattr_t));
|
||||
crfree(cr);
|
||||
@@ -455,6 +462,13 @@ const struct inode_operations zpl_inode_operations = {
|
||||
#ifdef HAVE_INODE_FALLOCATE
|
||||
.fallocate = zpl_fallocate,
|
||||
#endif /* HAVE_INODE_FALLOCATE */
|
||||
#if defined(HAVE_GET_ACL)
|
||||
.get_acl = zpl_get_acl,
|
||||
#elif defined(HAVE_CHECK_ACL)
|
||||
.check_acl = zpl_check_acl,
|
||||
#elif defined(HAVE_PERMISSION)
|
||||
.permission = zpl_permission,
|
||||
#endif /* HAVE_GET_ACL | HAVE_CHECK_ACL | HAVE_PERMISSION */
|
||||
};
|
||||
|
||||
const struct inode_operations zpl_dir_inode_operations = {
|
||||
@@ -473,6 +487,13 @@ const struct inode_operations zpl_dir_inode_operations = {
|
||||
.getxattr = generic_getxattr,
|
||||
.removexattr = generic_removexattr,
|
||||
.listxattr = zpl_xattr_list,
|
||||
#if defined(HAVE_GET_ACL)
|
||||
.get_acl = zpl_get_acl,
|
||||
#elif defined(HAVE_CHECK_ACL)
|
||||
.check_acl = zpl_check_acl,
|
||||
#elif defined(HAVE_PERMISSION)
|
||||
.permission = zpl_permission,
|
||||
#endif /* HAVE_GET_ACL | HAVE_CHECK_ACL | HAVE_PERMISSION */
|
||||
};
|
||||
|
||||
const struct inode_operations zpl_symlink_inode_operations = {
|
||||
@@ -494,6 +515,13 @@ const struct inode_operations zpl_special_inode_operations = {
|
||||
.getxattr = generic_getxattr,
|
||||
.removexattr = generic_removexattr,
|
||||
.listxattr = zpl_xattr_list,
|
||||
#if defined(HAVE_GET_ACL)
|
||||
.get_acl = zpl_get_acl,
|
||||
#elif defined(HAVE_CHECK_ACL)
|
||||
.check_acl = zpl_check_acl,
|
||||
#elif defined(HAVE_PERMISSION)
|
||||
.permission = zpl_permission,
|
||||
#endif /* HAVE_GET_ACL | HAVE_CHECK_ACL | HAVE_PERMISSION */
|
||||
};
|
||||
|
||||
dentry_operations_t zpl_dentry_operations = {
|
||||
|
||||
Reference in New Issue
Block a user