PERFORCE change 146341 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Thu Jul 31 20:25:57 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146341
Change 146341 by trasz at trasz_traszkan on 2008/07/31 20:25:39
Fix delete on filesystems with nfs4acls disabled.
Affected files ...
.. //depot/projects/soc2008/trasz_nfs4acl/TODO#25 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_posix1e.c#5 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_subr.c#5 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_lookup.c#8 edit
Differences ...
==== //depot/projects/soc2008/trasz_nfs4acl/TODO#25 (text+ko) ====
@@ -2,6 +2,8 @@
- Make setfacl(1) error messages more user friendly.
+- Decide what to do with write vs append on regular files.
+
- Either add or extend existing manual pages for new API routines:
acl_add_flag_np, acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np,
acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np,
==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_posix1e.c#5 (text+ko) ====
@@ -75,6 +75,12 @@
return (0);
/*
+ * Unix does not provide any explicit "deny" access rules.
+ */
+ if (acc_mode & VEXPLICIT_DENY)
+ return (0);
+
+ /*
* Determine privileges now, but don't apply until we've found a DAC
* entry that matches but has failed to allow access.
*
==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_subr.c#5 (text+ko) ====
@@ -3463,6 +3463,12 @@
if (acc_mode == VSTAT)
return (0);
+ /*
+ * Unix does not provide any explicit "deny" access rules.
+ */
+ if (acc_mode & VEXPLICIT_DENY)
+ return (0);
+
/* Check the owner. */
if (cred->cr_uid == file_uid) {
dac_granted |= VADMIN;
==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_lookup.c#8 (text+ko) ====
@@ -101,12 +101,12 @@
if (error == 0)
return (0);
- error = VOP_GRANULAR(vdp, VWRITE, ACL_DELETE_CHILD, cred, td);
+ error = VOP_GRANULAR(vdp, VADMIN, ACL_DELETE_CHILD, cred, td);
if (error == 0)
return (0);
- error = VOP_GRANULAR(vdp, VWRITE | VEXPLICIT_DENY, ACL_DELETE_CHILD,
- cred, td);
+ error = VOP_GRANULAR(vdp, VADMIN | VEXPLICIT_DENY,
+ ACL_DELETE_CHILD, cred, td);
if (error)
return (error);
More information about the p4-projects
mailing list