author | Andreas Gruenbacher <[email protected]> | 2014-01-23 15:56:15 -0800 |
---|---|---|
committer | Linus Torvalds <[email protected]> | 2014-01-23 16:37:04 -0800 |
commit | 949b9c3d4263c9b7c2448588afce37becd58e1ad (patch) | |
tree | 9db6da020bb289372cd001a816768f2ececfffc0 /tools/perf/util/trace-event-scripting.c | |
parent | e376ed7c85fe102ff63db2eb8a0c5595f68151fa (diff) |
userns: relax the posix_acl_valid() checks

So far, POSIX ACLs are using a canonical representation that keeps all ACL
entries in a strict order; the ACL_USER and ACL_GROUP entries for specific
users and groups are ordered by user and group identifier, respectively.
The user-space code provides ACL entries in this order; the kernel
verifies that the ACL entry order is correct in posix_acl_valid().

User namespaces allow arbitrary mapping of user and group identifiers, which
can cause the ACL_USER and ACL_GROUP entry order to differ between user
space and the kernel; posix_acl_valid() would then fail.

Work around this by allowing ACL_USER and ACL_GROUP entries to be in any
order in the kernel. The effect is only minor: file permission checks
will pick the first matching ACL_USER entry, and check all matching
ACL_GROUP entries.

(The libacl user-space library and getfacl / setfacl tools will not create
ACLs with duplicate user or group identifiers; they will handle ACLs with
entries in an arbitrary order correctly.)

Signed-off-by: Andreas Gruenbacher <[email protected]>
Cc: Eric W. Biederman <[email protected]>
Cc: Theodore Tso <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Cc: Andreas Dilger <[email protected]>
Cc: Jan Kara <[email protected]>
Cc: Al Viro <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/util/trace-event-scripting.c')
0 files changed, 0 insertions, 0 deletions