提交 a343bb77 编写于 作者: T Trond Myklebust

VFS: Fix access("file", X_OK) in the presence of ACLs

Currently, the access() call will return incorrect information on NFS if
there exists an ACL that grants execute access to the user on a regular
file. The reason the information is incorrect is that the VFS overrides
this execute access in open_exec() by checking (inode->i_mode & 0111).

This patch propagates the VFS execute bit check back into the generic
permission() call.
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 64cbae98848c4c99851cb0a405f0b4982cd76c1e commit)
上级 16b4289c
......@@ -227,10 +227,10 @@ int generic_permission(struct inode *inode, int mask,
int permission(struct inode *inode, int mask, struct nameidata *nd)
{
umode_t mode = inode->i_mode;
int retval, submask;
if (mask & MAY_WRITE) {
umode_t mode = inode->i_mode;
/*
* Nobody gets write access to a read-only fs.
......@@ -247,6 +247,13 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
}
/*
* MAY_EXEC on regular files requires special handling: We override
* filesystem execute permissions if the mode bits aren't set.
*/
if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO))
return -EACCES;
/* Ordinary permission routines do not understand MAY_APPEND. */
submask = mask & ~MAY_APPEND;
if (inode->i_op && inode->i_op->permission)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册