mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2025-01-24 00:46:39 +03:00
eebfd28e9d
Bypass check of ZFS aces if the ACL is trivial. When an ACL is trivial its permissions are represented by the mode without any loss of information. In this case, it is safe to convert the access request into equivalent mode and then pass desired mask and inode to generic_permission(). This has the added benefit of also checking whether entries in a POSIX ACL on the file grant the desired access. This commit also skips the ACL check on looking up the xattr dir since such restrictions don't exist in Linux kernel and it makes xattr lookup behavior inconsistent between SA and file-based xattrs. We also don't want to perform a POSIX ACL check while looking up the POSIX ACL if for some reason it is located in the xattr dir rather than an SA. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Co-authored-by: Ryan Moeller <ryan@iXsystems.com> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Closes #13237
30 lines
819 B
Plaintext
30 lines
819 B
Plaintext
AC_DEFUN([ZFS_AC_KERNEL_SRC_PERMISSION], [
|
|
dnl #
|
|
dnl # 5.12 API change that added the struct user_namespace* arg
|
|
dnl # to the front of this function type's arg list.
|
|
dnl #
|
|
ZFS_LINUX_TEST_SRC([permission_userns], [
|
|
#include <linux/fs.h>
|
|
#include <linux/sched.h>
|
|
|
|
int inode_permission(struct user_namespace *userns,
|
|
struct inode *inode, int mask) { return 0; }
|
|
|
|
static const struct inode_operations
|
|
iops __attribute__ ((unused)) = {
|
|
.permission = inode_permission,
|
|
};
|
|
],[])
|
|
])
|
|
|
|
AC_DEFUN([ZFS_AC_KERNEL_PERMISSION], [
|
|
AC_MSG_CHECKING([whether iops->permission() takes struct user_namespace*])
|
|
ZFS_LINUX_TEST_RESULT([permission_userns], [
|
|
AC_MSG_RESULT(yes)
|
|
AC_DEFINE(HAVE_IOPS_PERMISSION_USERNS, 1,
|
|
[iops->permission() takes struct user_namespace*])
|
|
],[
|
|
AC_MSG_RESULT(no)
|
|
])
|
|
])
|