[Cluster-devel] [PATCH] gfs2: Update setattr permission checks
Andreas Gruenbacher
agruenba at redhat.com
Tue Feb 27 17:31:20 UTC 2018
Update the permission checks in gfs2_setattr to match those in
notify_change. Previously, attempts to set the timestamps of an
append-only files to the current time were always denied.
Combines mainline commits beb29e058c35a and f2b20f6ee8423.
Fixes xfstest generic/079.
Signed-off-by: Andreas Gruenbacher <agruenba at redhat.com>
---
fs/gfs2/inode.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
index 8700eb815638..b76c5d6d2be2 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -1929,9 +1929,27 @@ static int gfs2_setattr(struct dentry *dentry, struct iattr *attr)
if (error)
return error;
- error = -EPERM;
- if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
- goto out;
+ if (attr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
+ error = -EPERM;
+ if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
+ goto out;
+ }
+
+ /*
+ * If utimes(2) and friends are called with times == NULL (or both
+ * times are UTIME_NOW), then we need to check for write permission
+ */
+ if (attr->ia_valid & ATTR_TOUCH) {
+ error = -EACCES;
+ if (IS_IMMUTABLE(inode))
+ goto out;
+
+ if (!inode_owner_or_capable(inode)) {
+ error = inode_permission(inode, MAY_WRITE);
+ if (error)
+ goto out;
+ }
+ }
error = setattr_prepare(dentry, attr);
if (error)
--
2.14.3
More information about the Cluster-devel
mailing list