summaryrefslogtreecommitdiff
path: root/fs/xfs/xfs_acl.c
diff options
context:
space:
mode:
authorChristoph Hellwig <hch@infradead.org>2008-02-05 12:13:24 +1100
committerLachlan McIlroy <lachlan@redback.melbourne.sgi.com>2008-02-07 18:22:38 +1100
commit4576758db5817a91b8974c696247d459dc653db2 (patch)
tree43b5b471510f0981ea2dc668ca7591a75831f111 /fs/xfs/xfs_acl.c
parentf6aa7f2184330262e1cb5f7802536e5346bd46a3 (diff)
[XFS] use generic_permission
Now that all direct caller of xfs_iaccess are gone we can kill xfs_iaccess and xfs_access and just use generic_permission with a check_acl callback. This is required for the per-mount read-only patchset in -mm to work properly with XFS. SGI-PV: 971186 SGI-Modid: xfs-linux-melb:xfs-kern:30370a Signed-off-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Diffstat (limited to 'fs/xfs/xfs_acl.c')
-rw-r--r--fs/xfs/xfs_acl.c30
1 files changed, 2 insertions, 28 deletions
diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
index 5bfb66f33caf..7272fe39a92d 100644
--- a/fs/xfs/xfs_acl.c
+++ b/fs/xfs/xfs_acl.c
@@ -392,32 +392,6 @@ xfs_acl_allow_set(
}
/*
- * The access control process to determine the access permission:
- * if uid == file owner id, use the file owner bits.
- * if gid == file owner group id, use the file group bits.
- * scan ACL for a matching user or group, and use matched entry
- * permission. Use total permissions of all matching group entries,
- * until all acl entries are exhausted. The final permission produced
- * by matching acl entry or entries needs to be & with group permission.
- * if not owner, owning group, or matching entry in ACL, use file
- * other bits.
- */
-STATIC int
-xfs_acl_capability_check(
- mode_t mode,
- cred_t *cr)
-{
- if ((mode & ACL_READ) && !capable_cred(cr, CAP_DAC_READ_SEARCH))
- return EACCES;
- if ((mode & ACL_WRITE) && !capable_cred(cr, CAP_DAC_OVERRIDE))
- return EACCES;
- if ((mode & ACL_EXECUTE) && !capable_cred(cr, CAP_DAC_OVERRIDE))
- return EACCES;
-
- return 0;
-}
-
-/*
* Note: cr is only used here for the capability check if the ACL test fails.
* It is not used to find out the credentials uid or groups etc, as was
* done in IRIX. It is assumed that the uid and groups for the current
@@ -438,7 +412,6 @@ xfs_acl_access(
matched.ae_tag = 0; /* Invalid type */
matched.ae_perm = 0;
- md >>= 6; /* Normalize the bits for comparison */
for (i = 0; i < fap->acl_cnt; i++) {
/*
@@ -520,7 +493,8 @@ xfs_acl_access(
break;
}
- return xfs_acl_capability_check(md, cr);
+ /* EACCES tells generic_permission to check for capability overrides */
+ return EACCES;
}
/*