forked from torvalds/linux
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fuse: Add support for FUSE_SETXATTR_V2 and FUSE_POSIX_ACL_UPDATE_MODE
File server can clear SGID when access acl is set and if caller does not have CAP_FSETID as well as none of caller's group are same as file owning group. This requires sending info to file server whether caller has CAP_FSETID or during setxattr(system.posix_acl_access). We don't have extra space in "struct fuse_setxattr_in" to send this extra information. Hence, add infrastructure so that client and server can agree on using setxattr_v2 which has space for additional flags. Also add new flag FUSE_POSIX_ACL_UPDATE_MODE so that file server knows it that client will send CAP_FSETID information when setxattr(system.posix_acl_access) happens. And file server can switch to callers uid/gid and drop CAP_FSETID. And this should lead to host kernel clearing SGID if need be. Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
- Loading branch information
Showing
4 changed files
with
56 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters