Mercurial > illumos > fmac
changeset 7879:2b795f3baa58
[fmac-discuss] [PATCH] Distinguish append vs. write in fmac_vnode_access()
The prior patch that extended fmac_vnode_access() to understand ACE
masks and moved the call to it from fop_access() to zfs_zaccess() did
not properly distinguish append vs. write access unlike the original
fmac_vnode_access() handling of traditional modes. This patch, on top
of the prior one, passes the flags down from zfs_zaccess() to
fmac_vnode_access() and handles the V_APPEND flag by remapping
ACE_WRITE_DATA mode to FILE__APPEND permission when it is set.
Webrev is available at: http://cr.opensolaris.org/~sds/append
author | Stephen Smalley <sds@tycho.nsa.gov> |
---|---|
date | Tue, 07 Oct 2008 11:13:56 -0400 |
parents | 08be291fa804 |
children | 83bea1900f31 |
files | usr/src/uts/common/fmac/fmac.c usr/src/uts/common/fs/zfs/zfs_acl.c |
diffstat | 2 files changed, 5 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/uts/common/fmac/fmac.c Tue Oct 07 11:13:46 2008 -0400 +++ b/usr/src/uts/common/fmac/fmac.c Tue Oct 07 11:13:56 2008 -0400 @@ -554,7 +554,7 @@ if (mode & (mask)) { \ mode &= ~(mask); \ av |= (perm); \ - } \ + } #define ACE_GETATTR_MASK (ACE_READ_NAMED_ATTRS | ACE_READ_ATTRIBUTES | \ ACE_READ_ACL) @@ -594,7 +594,8 @@ fmac_ace_to_av(ACE_EXECUTE, DIR__SEARCH); } else { fmac_ace_to_av(ACE_APPEND_DATA, FILE__APPEND); - fmac_ace_to_av(ACE_WRITE_DATA, FILE__WRITE); + fmac_ace_to_av(ACE_WRITE_DATA, (flags & V_APPEND) ? + FILE__APPEND : FILE__WRITE); fmac_ace_to_av(ACE_EXECUTE, FILE__EXECUTE); fmac_ace_to_av(ACE_DELETE, FILE__UNLINK); }
--- a/usr/src/uts/common/fs/zfs/zfs_acl.c Tue Oct 07 11:13:46 2008 -0400 +++ b/usr/src/uts/common/fs/zfs/zfs_acl.c Tue Oct 07 11:13:56 2008 -0400 @@ -2424,8 +2424,8 @@ out: if (!error) - error = fmac_vnode_access(ZTOV(check_zp), mode, V_ACE_MASK, cr, - B_TRUE); + error = fmac_vnode_access(ZTOV(check_zp), mode, + flags|V_ACE_MASK, cr, B_TRUE); if (is_attr) VN_RELE(ZTOV(xzp));