return error;
}
-int
-ext2_permission(struct inode *inode, int mask, struct nameidata *nd)
+static int
+ext2_check_acl(struct inode *inode, int mask)
{
- int mode = inode->i_mode;
+ struct posix_acl *acl = ext2_get_acl(inode, ACL_TYPE_ACCESS);
-#warning MEF Get new BME patch, which I believe pushes these checks higher
- /* Nobody gets write access to a read-only fs */
- if ((mask & MAY_WRITE) && (IS_RDONLY(inode) ||
- (nd && MNT_IS_RDONLY(nd->mnt))) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
+ if (acl) {
+ int error = posix_acl_permission(inode, acl, mask);
+ posix_acl_release(acl);
+ return error;
+ }
- return generic_permission(inode, mask, 0);
+ return -EAGAIN;
+}
+
+int
+ext2_permission(struct inode *inode, int mask, struct nameidata *nd)
+{
+ return generic_permission(inode, mask, ext2_check_acl);
}
/*
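Review bot: `ext2_check_acl` tests only `if (acl)`, so a failure reported by `ext2_get_acl()` as an error pointer would be passed to `posix_acl_permission()` and `posix_acl_release()` as if it were a valid ACL. `ext2_get_acl()` is not visible in this hunk; if it can return an ERR_PTR-encoded value rather than NULL, add `if (IS_ERR(acl)) return PTR_ERR(acl);` ahead of the `if (acl)` test. The same applies to `ext3_check_acl` in the next hunk. Separately, the removed lines returned -EROFS for writes through a read-only mount (`MNT_IS_RDONLY(nd->mnt)`), and `nd` is now unused in `ext2_permission` and `ext3_permission`. Nothing in the visible hunks replaces that check, so the commit message should say where it is enforced now.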
return error;
}
-int
-ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
+static int
+ext3_check_acl(struct inode *inode, int mask)
{
- int mode = inode->i_mode;
+ struct posix_acl *acl = ext3_get_acl(inode, ACL_TYPE_ACCESS);
-#warning MEF Need new BME patch for 2.6.10
- /* Nobody gets write access to a read-only fs */
- if ((mask & MAY_WRITE) && (IS_RDONLY(inode) ||
- (nd && MNT_IS_RDONLY(nd->mnt))) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
+ if (acl) {
+ int error = posix_acl_permission(inode, acl, mask);
+ posix_acl_release(acl);
+ return error;
+ }
- return generic_permission(inode, mask, 0);
+ return -EAGAIN;
+}
+
+int
+ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
+{
+ return generic_permission(inode, mask, ext3_check_acl);
}
/*
{
umode_t mode = inode->i_mode;
- /* Prevent vservers from escaping chroot() barriers */
- if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
- return -EACCES;
-
if (mask & MAY_WRITE) {
/*
* Nobody gets write access to a read-only fs.
return -EACCES;
}
+#warning MEF: need to make CONFIG_VSERVER_FILESHARING a Kconfig option
+#define CONFIG_VSERVER_FILESHARING 1
+
static inline int xid_permission(struct inode *inode, int mask, struct nameidata *nd)
{
- if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN)) {
- vxwprintk(1, "xid=%d did hit the barrier.",
- vx_current_xid());
- return -EACCES;
- }
if (inode->i_xid == 0)
return 0;
- if (vx_check(inode->i_xid, VX_ADMIN|VX_WATCH|VX_IDENT))
+
+#ifdef CONFIG_VSERVER_FILESHARING
+ /* MEF: PlanetLab FS module assumes that any file that can be
+ * named (e.g., via a cross mount) is not hidden from another
+ * context or the admin context.
+ */
+ if (vx_check(inode->i_xid,VX_STATIC|VX_DYNAMIC))
+ return 0;
+#endif
+ if (vx_check(inode->i_xid,VX_ADMIN|VX_WATCH|VX_IDENT))
return 0;
vxwprintk(1, "xid=%d denied access to %p[#%d,%lu] »%s«.",
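Review bot: The `#define CONFIG_VSERVER_FILESHARING 1` placed directly above `xid_permission` makes the following `#ifdef` always true, so the relaxed check is compiled into every build and cannot be switched off from the kernel configuration. With it, `vx_check(inode->i_xid,VX_STATIC|VX_DYNAMIC)` grants access before the `VX_ADMIN|VX_WATCH|VX_IDENT` test runs. `vx_check` is not shown, but if those two flags match on the inode's tag range rather than on the calling context, any tagged file passes for any caller and the `denied access` warning below is seldom reached. I would make this a real Kconfig option that defaults to off. The comment should also state the consequence, e.g. `/* with file sharing enabled, xid tags no longer restrict access; isolation depends on which paths a context can name */`. The body of `xid_permission` continues past the end of the hunk.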
int submask;
umode_t mode = inode->i_mode;
+ /* Prevent vservers from escaping chroot() barriers */
+ if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+ return -EACCES;
+
/* Ordinary permission routines do not understand MAY_APPEND. */
submask = mask & ~MAY_APPEND;
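Review bot: The barrier check added here returns -EACCES silently, whereas the copy removed from `xid_permission` logged the event with `vxwprintk(1, "xid=%d did hit the barrier.", vx_current_xid());`. Keeping that call, in a braced body before `return -EACCES;`, preserves the only trace of a context running into a chroot barrier. The check now also lives only in this function, whose signature is outside the hunk. Any path that reaches `generic_permission()` or an `->permission` method without passing through here no longer gets the barrier test, so it is worth confirming that no such caller exists.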
inode = dentry->d_inode;
if (!inode)
goto done;
- if (!vx_check(inode->i_xid, VX_WATCH|VX_HOSTID|VX_IDENT))
- goto hidden;
if (inode->i_sb->s_magic == PROC_SUPER_MAGIC) {
struct proc_dir_entry *de = PDE(inode);
if (de && !vx_hide_check(0, de->vx_flags))
goto hidden;
}
+#ifdef CONFIG_VSERVER_FILESHARING
+ /* MEF: PlanetLab FS module assumes that any file that can be
+ * named (e.g., via a cross mount) is not hidden from another
+ * context or the admin context.
+ */
+ if (vx_check(inode->i_xid,VX_STATIC|VX_DYNAMIC|VX_ADMIN)) {
+ /* do nothing */
+ }
+ else /* do the following check */
+#endif
+ if (!vx_check(inode->i_xid,
+ VX_WATCH|
+ VX_HOSTID|
+ VX_IDENT))
+ goto hidden;
done:
path->mnt = mnt;
path->dentry = dentry;
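Review bot: The empty `if (...) { /* do nothing */ }` followed by an `else` that ends just before `#endif` leaves a dangling `else` whose body is the statement after the preprocessor block. That is easy to break when either side is edited. Inside the `#ifdef`, one test says the same thing: `if (!vx_check(inode->i_xid, VX_STATIC|VX_DYNAMIC|VX_ADMIN) && !vx_check(inode->i_xid, VX_WATCH|VX_HOSTID|VX_IDENT)) goto hidden;`, with the original test kept under `#else`. The comment is a copy of the one in `xid_permission`; here it should say that inodes tagged for other contexts are deliberately left visible to lookups when file sharing is enabled. The enclosing function starts and ends outside the hunk.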