From: NeilBrown <neilb@suse.com>
Subject: VFS: don't test owner for NFS in set_posix_acl()
References: bsc#1103405
Patch-mainline: Never, this is a hack
The owner seen in inode->i_uid should not be used for permission
checking in NFS. The server should always be asked, either with the
ACCESS request, or by trying the operation.
posix_set_acl() does test inode->i_uid, so can deny permission
when it should be granted. So disable this for NFS.
Upstream fix will probably add a new flag to inode_permission(), and
use that.
Signed-off-by: NeilBrown <neilb@suse.com>
Acked-by: NeilBrown <neilb@suse.com>
---
fs/posix_acl.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -22,6 +22,7 @@
#include <linux/xattr.h>
#include <linux/export.h>
#include <linux/user_namespace.h>
+#include <linux/magic.h>
static struct posix_acl **acl_by_type(struct inode *inode, int type)
{
@@ -864,8 +865,14 @@ set_posix_acl(struct inode *inode, int t
if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
return acl ? -EACCES : 0;
- if (!inode_owner_or_capable(inode))
- return -EPERM;
+ /* NFS doesn't need an owner check, as the server will
+ * do that. The owner check is wrong when the server
+ * is mapping uids, such as with all_squash (which makes
+ * everyone an owner of a newly created file).
+ */
+ if (inode->i_sb->s_magic != NFS_SUPER_MAGIC)
+ if (!inode_owner_or_capable(inode))
+ return -EPERM;
if (acl) {
int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl);