PERFORCE change 146341 for review

Edward Tomasz Napierala trasz at FreeBSD.org
Thu Jul 31 20:25:57 UTC 2008 

http://perforce.freebsd.org/chv.cgi?CH=146341

Change 146341 by trasz at trasz_traszkan on 2008/07/31 20:25:39

	Fix delete on filesystems with nfs4acls disabled.

Affected files ...

.. //depot/projects/soc2008/trasz_nfs4acl/TODO#25 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_posix1e.c#5 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_subr.c#5 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_lookup.c#8 edit

Differences ...

==== //depot/projects/soc2008/trasz_nfs4acl/TODO#25 (text+ko) ====

@@ -2,6 +2,8 @@
 
 - Make setfacl(1) error messages more user friendly.
 
+- Decide what to do with write vs append on regular files.
+
 - Either add or extend existing manual pages for new API routines:
   acl_add_flag_np, acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np,
   acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np,

==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_posix1e.c#5 (text+ko) ====

@@ -75,6 +75,12 @@
 		return (0);
 
 	/*
+	 * Unix does not provide any explicit "deny" access rules.
+	 */
+	if (acc_mode & VEXPLICIT_DENY)
+		return (0);
+
+	/*
 	 * Determine privileges now, but don't apply until we've found a DAC
 	 * entry that matches but has failed to allow access.
 	 *

==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_subr.c#5 (text+ko) ====

@@ -3463,6 +3463,12 @@
 	if (acc_mode == VSTAT)
 		return (0);
 
+	/*
+	 * Unix does not provide any explicit "deny" access rules.
+	 */
+	if (acc_mode & VEXPLICIT_DENY)
+		return (0);
+
 	/* Check the owner. */
 	if (cred->cr_uid == file_uid) {
 		dac_granted |= VADMIN;

==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_lookup.c#8 (text+ko) ====

@@ -101,12 +101,12 @@
 	if (error == 0)
 		return (0);
 
-	error = VOP_GRANULAR(vdp, VWRITE, ACL_DELETE_CHILD, cred, td);
+	error = VOP_GRANULAR(vdp, VADMIN, ACL_DELETE_CHILD, cred, td);
 	if (error == 0)
 		return (0);
 
-	error = VOP_GRANULAR(vdp, VWRITE | VEXPLICIT_DENY, ACL_DELETE_CHILD,
-	    cred, td);
+	error = VOP_GRANULAR(vdp, VADMIN | VEXPLICIT_DENY,
+	    ACL_DELETE_CHILD, cred, td);
 	if (error)
 		return (error);

More information about the p4-projects mailing list