[Pvfs2-developers] patches: permission/acl bug fixes
Phil Carns
pcarns at wastedcycles.org
Tue Mar 20 08:36:33 EST 2007
acl-check-assert.patch:
------------------------
This is a bug fix to the server side acl handling. It replaces an
assertion with normal error handling to prevent a server from crashing
if it encounters invalid acl information.
check-group.patch:
------------------
This follows up on some recent fixes to the server side group checking.
I think the getpwuid_r() has the same issue that getpwuid_r() did, in
that you have to check if the last argument is NULL before using the
results of the function. There was also a double unlock in the function.
setgid-inherit-acl.patch:
-------------------------
This corrects setgid behavior if the "-o acl" mount option is used;
previously the setgid bit was not being inherited by new subdirectories
in this scenario.
root-squash.patch:
------------------
This is an update to the root squashing behavior. It is not a 100%
correct fix, but I think it is an improvement. Prior to this patch, the
root user could still write to an existing root owned file even when
squashed. After this patch, all writes from root are disallowed. The
basic problem is that there isn't enough permission information on
servers at the individual write operation level to decide whether to
allow or disallow the squashed write (I/O servers don't have owner or
permission data). The easiest fix is to stop all root writes on a
squashed file system. Normally a file system would allow root to write
to files owned by "nobody" (or whatever uid the mapping points to), but
this would be difficult to implement.
The above patch also fixes the get_fs_intent() function; it had a
"default: " case that made it too easy to forget to add operations to
the list. This patch removes the default case (so warnings show up at
build time now) and adds the listattr and smallio operations. The
former is needed for root squashing to work as well.
-Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: acl-check-assert.patch
Type: text/x-patch
Size: 825 bytes
Desc: not available
Url : http://www.beowulf-underground.org/pipermail/pvfs2-developers/attachments/20070320/4cd95f77/acl-check-assert.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check-group.patch
Type: text/x-patch
Size: 1001 bytes
Desc: not available
Url : http://www.beowulf-underground.org/pipermail/pvfs2-developers/attachments/20070320/4cd95f77/check-group.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: root-squash.patch
Type: text/x-patch
Size: 3746 bytes
Desc: not available
Url : http://www.beowulf-underground.org/pipermail/pvfs2-developers/attachments/20070320/4cd95f77/root-squash.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: setgid-inherit-acl.patch
Type: text/x-patch
Size: 1090 bytes
Desc: not available
Url : http://www.beowulf-underground.org/pipermail/pvfs2-developers/attachments/20070320/4cd95f77/setgid-inherit-acl.bin
More information about the Pvfs2-developers
mailing list