VFS: Fix access("file", X_OK) in the presence of ACLs (a343bb77) · Commits · 戴 / test

Currently, the access() call will return incorrect information on NFS if there exists an ACL that grants execute access to the user on a regular file. The reason the information is incorrect is that the VFS overrides this execute access in open_exec() by checking (inode->i_mode & 0111). This patch propagates the VFS execute bit check back into the generic permission() call. Signed-off-by:

Trond Myklebust <Trond.Myklebust@netapp.com> (cherry picked from 64cbae98848c4c99851cb0a405f0b4982cd76c1e commit)

fs/namei.c

+8 −1

Original line number	Diff line number	Diff line
		@@ -227,10 +227,10 @@ int generic_permission(struct inode *inode, int mask,

		int permission(struct inode inode, int mask, struct nameidata nd)
		{
		umode_t mode = inode->i_mode;
		int retval, submask;

		if (mask & MAY_WRITE) {
		umode_t mode = inode->i_mode;

		/*
		* Nobody gets write access to a read-only fs.
		@@ -247,6 +247,13 @@ int permission(struct inode inode, int mask, struct nameidata nd)
		}


		/*
		* MAY_EXEC on regular files requires special handling: We override
		* filesystem execute permissions if the mode bits aren't set.
		*/
		if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO))
		return -EACCES;

		/* Ordinary permission routines do not understand MAY_APPEND. */
		submask = mask & ~MAY_APPEND;
		if (inode->i_op && inode->i_op->permission)

Admin message