Commit f0c8bd16 authored by Andreas Gruenbacher's avatar Andreas Gruenbacher Committed by Linus Torvalds
Browse files

[PATCH] Generic infrastructure for acls 

The patches solve the following problem: We want to grant access to devices
based on who is logged in from where, etc.  This includes switching back and
forth between multiple user sessions, etc.

Using ACLs to define device access for logged-in users gives us all the
flexibility we need in order to fully solve the problem.

Device special files nowadays usually live on tmpfs, hence tmpfs ACLs.

Different distros have come up with solutions that solve the problem to
different degrees: SUSE uses a resource manager which tracks login sessions
and sets ACLs on device inodes as appropriate.  RedHat uses pam_console, which
changes the primary file ownership to the logged-in user.  Others use a set of
groups that users must be in in order to be granted the appropriate accesses.

The freedesktop.org project plans to implement a combination of a
console-tracker and a HAL-device-list based solution to grant access to
devices to users, and more distros will likely follow this approach.

These patches have first been posted here on 2 February 2005, and again
on 8 January 2006. We have been shipping them in SLES9 and SLES10 with
no problems reported.  The previous submission is archived here:

   http://lkml.org/lkml/2006/1/8/229
   http://lkml.org/lkml/2006/1/8/230
   http://lkml.org/lkml/2006/1/8/231



This patch:

Add some infrastructure for access control lists on in-memory
filesystems such as tmpfs.

Signed-off-by: default avatarAndreas Gruenbacher <agruen@suse.de>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 4e6fd33b

fs/Kconfig

+4 −0
Original line number Diff line number Diff line
@@ -1940,6 +1940,10 @@ config 9P_FS 


	  If unsure, say N.



config GENERIC_ACL

	bool

	select FS_POSIX_ACL



endmenu



menu "Partition Types"

fs/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -35,6 +35,7 @@ obj-$(CONFIG_BINFMT_FLAT) += binfmt_flat.o 
obj-$(CONFIG_FS_MBCACHE)	+= mbcache.o

obj-$(CONFIG_FS_POSIX_ACL)	+= posix_acl.o xattr_acl.o

obj-$(CONFIG_NFS_COMMON)	+= nfs_common/

obj-$(CONFIG_GENERIC_ACL)	+= generic_acl.o



obj-$(CONFIG_QUOTA)		+= dquot.o

obj-$(CONFIG_QFMT_V1)		+= quota_v1.o

fs/generic_acl.c

0 → 100644
+197 −0
Original line number Diff line number Diff line 
/*

 * fs/generic_acl.c

 *

 * (C) 2005 Andreas Gruenbacher <agruen@suse.de>

 *

 * This file is released under the GPL.

 */



#include <linux/sched.h>

#include <linux/fs.h>

#include <linux/generic_acl.h>



/**

 * generic_acl_list  -  Generic xattr_handler->list() operation

 * @ops:	Filesystem specific getacl and setacl callbacks

 */

size_t

generic_acl_list(struct inode *inode, struct generic_acl_operations *ops,

		 int type, char *list, size_t list_size)

{

	struct posix_acl *acl;

	const char *name;

	size_t size;



	acl = ops->getacl(inode, type);

	if (!acl)

		return 0;

	posix_acl_release(acl);



	switch(type) {

		case ACL_TYPE_ACCESS:

			name = POSIX_ACL_XATTR_ACCESS;

			break;



		case ACL_TYPE_DEFAULT:

			name = POSIX_ACL_XATTR_DEFAULT;

			break;



		default:

			return 0;

	}

	size = strlen(name) + 1;

	if (list && size <= list_size)

		memcpy(list, name, size);

	return size;

}



/**

 * generic_acl_get  -  Generic xattr_handler->get() operation

 * @ops:	Filesystem specific getacl and setacl callbacks

 */

int

generic_acl_get(struct inode *inode, struct generic_acl_operations *ops,

		int type, void *buffer, size_t size)

{

	struct posix_acl *acl;

	int error;



	acl = ops->getacl(inode, type);

	if (!acl)

		return -ENODATA;

	error = posix_acl_to_xattr(acl, buffer, size);

	posix_acl_release(acl);



	return error;

}



/**

 * generic_acl_set  -  Generic xattr_handler->set() operation

 * @ops:	Filesystem specific getacl and setacl callbacks

 */

int

generic_acl_set(struct inode *inode, struct generic_acl_operations *ops,

		int type, const void *value, size_t size)

{

	struct posix_acl *acl = NULL;

	int error;



	if (S_ISLNK(inode->i_mode))

		return -EOPNOTSUPP;

	if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))

		return -EPERM;

	if (value) {

		acl = posix_acl_from_xattr(value, size);

		if (IS_ERR(acl))

			return PTR_ERR(acl);

	}

	if (acl) {

		mode_t mode;



		error = posix_acl_valid(acl);

		if (error)

			goto failed;

		switch(type) {

			case ACL_TYPE_ACCESS:

				mode = inode->i_mode;

				error = posix_acl_equiv_mode(acl, &mode);

				if (error < 0)

					goto failed;

				inode->i_mode = mode;

				if (error == 0) {

					posix_acl_release(acl);

					acl = NULL;

				}

				break;



			case ACL_TYPE_DEFAULT:

				if (!S_ISDIR(inode->i_mode)) {

					error = -EINVAL;

					goto failed;

				}

				break;

		}

	}

	ops->setacl(inode, type, acl);

	error = 0;

failed:

	posix_acl_release(acl);

	return error;

}



/**

 * generic_acl_init  -  Take care of acl inheritance at @inode create time

 * @ops:	Filesystem specific getacl and setacl callbacks

 *

 * Files created inside a directory with a default ACL inherit the

 * directory's default ACL.

 */

int

generic_acl_init(struct inode *inode, struct inode *dir,

		 struct generic_acl_operations *ops)

{

	struct posix_acl *acl = NULL;

	mode_t mode = inode->i_mode;

	int error;



	inode->i_mode = mode & ~current->fs->umask;

	if (!S_ISLNK(inode->i_mode))

		acl = ops->getacl(dir, ACL_TYPE_DEFAULT);

	if (acl) {

		struct posix_acl *clone;



		if (S_ISDIR(inode->i_mode)) {

			clone = posix_acl_clone(acl, GFP_KERNEL);

			error = -ENOMEM;

			if (!clone)

				goto cleanup;

			ops->setacl(inode, ACL_TYPE_DEFAULT, clone);

			posix_acl_release(clone);

		}

		clone = posix_acl_clone(acl, GFP_KERNEL);

		error = -ENOMEM;

		if (!clone)

			goto cleanup;

		error = posix_acl_create_masq(clone, &mode);

		if (error >= 0) {

			inode->i_mode = mode;

			if (error > 0)

				ops->setacl(inode, ACL_TYPE_ACCESS, clone);

		}

		posix_acl_release(clone);

	}

	error = 0;



cleanup:

	posix_acl_release(acl);

	return error;

}



/**

 * generic_acl_chmod  -  change the access acl of @inode upon chmod()

 * @ops:	FIlesystem specific getacl and setacl callbacks

 *

 * A chmod also changes the permissions of the owner, group/mask, and

 * other ACL entries.

 */

int

generic_acl_chmod(struct inode *inode, struct generic_acl_operations *ops)

{

	struct posix_acl *acl, *clone;

	int error = 0;



	if (S_ISLNK(inode->i_mode))

		return -EOPNOTSUPP;

	acl = ops->getacl(inode, ACL_TYPE_ACCESS);

	if (acl) {

		clone = posix_acl_clone(acl, GFP_KERNEL);

		posix_acl_release(acl);

		if (!clone)

			return -ENOMEM;

		error = posix_acl_chmod_masq(clone, inode->i_mode);

		if (!error)

			ops->setacl(inode, ACL_TYPE_ACCESS, clone);

		posix_acl_release(clone);

	}

	return error;

}

include/linux/generic_acl.h

0 → 100644
+36 −0
Original line number Diff line number Diff line 
/*

 * fs/generic_acl.c

 *

 * (C) 2005 Andreas Gruenbacher <agruen@suse.de>

 *

 * This file is released under the GPL.

 */



#ifndef GENERIC_ACL_H

#define GENERIC_ACL_H



#include <linux/posix_acl.h>

#include <linux/posix_acl_xattr.h>



/**

 * struct generic_acl_operations  -  filesystem operations

 *

 * Filesystems must make these operations available to the generic

 * operations.

 */

struct generic_acl_operations {

	struct posix_acl *(*getacl)(struct inode *, int);

	void (*setacl)(struct inode *, int, struct posix_acl *);

};



size_t generic_acl_list(struct inode *, struct generic_acl_operations *, int,

			char *, size_t);

int generic_acl_get(struct inode *, struct generic_acl_operations *, int,

		    void *, size_t);

int generic_acl_set(struct inode *, struct generic_acl_operations *, int,

		    const void *, size_t);

int generic_acl_init(struct inode *, struct inode *,

		     struct generic_acl_operations *);

int generic_acl_chmod(struct inode *, struct generic_acl_operations *);



#endif

CRA Git | Maintained and supported by SUSTech CRA and CCSE