Received: by 2002:aa6:c3ca:0:b029:c8:4414:5686 with SMTP id b10csp1829148lkq; Fri, 19 Mar 2021 12:58:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzhgN02hR6XZQvbO8wiz+6PO4jABF9AFkMI13HE0JG2K6t2g2E8QAJYL3kww1Wyzro8Vyd3 X-Received: by 2002:a17:906:7e12:: with SMTP id e18mr6538095ejr.316.1616183893286; Fri, 19 Mar 2021 12:58:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616183893; cv=none; d=google.com; s=arc-20160816; b=wTT5T2hjrXUOgRAd12ZnFfMx94OWrpMirHz9QrOis1EcJAahDGygupP85zvHOvRGfc VepYGzPYNvZU6QgkxLO+hJxsWbvq4TmJn29Ao497E0ysVr265k7ZYVSrPsrNKXHC01L0 Z+jf3+wNw9GRk+v8qTYf8/a1MOlcfWQK6U3O2i7y1y9EkJRcxfW7dHu+Ay8q8OSGYlSX +xMHX0j4gYXUeegQybssdR4mF2bH1kda7CpVmUbSoVZi+Y00iOtV9Ge+cKuTjpCEBZv3 FXmOj4ErU8jZs6VT/QDSz+A9I3IbtwpB02bk0XLH9ZqlCoEd8wTWG6l3LzlQJ7IocJjp wrBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=dWYozCwlu1FczO30gGHipO2kB8X8eyCR6cAqemLMC8E=; b=Rftac63lzi/X/ukUBz1/tGj5UPp6BtAcgvcMJn5AWHs58DURn65fNxB1uUUCDyUIkc 6lXNYlJpVwEBa/8+zc0BMzuRStqxsUD4Qjj5/wXNVDz5GnRcFgVT6K3D4/pxbcY/aYVn y+KQlGZrUefJV8JUn0yJgKgKiTbDyKaG4Y8e6qKsqLX/tmm/120eQ4hZTPcAzpAbV3cQ /Wuga1h9w5xUiFgnMxlgKzonDAOk1peXhU1MbhA7yNuolmxQqPnbudoi3GqjFuXQvSud agLOd8yGLKB41LL7YBYJ0rEptJWvRYr9ZE7G+dLusE0OUBEAAkGsDJ+YNA/htfay+ym3 ZpAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=PaXR5WV5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bx12si5007571edb.404.2021.03.19.12.57.50; Fri, 19 Mar 2021 12:58:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=PaXR5WV5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230235AbhCST4o (ORCPT + 99 others); Fri, 19 Mar 2021 15:56:44 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:58032 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230264AbhCST4M (ORCPT ); Fri, 19 Mar 2021 15:56:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1616183772; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=dWYozCwlu1FczO30gGHipO2kB8X8eyCR6cAqemLMC8E=; b=PaXR5WV5qd78CInNsqT4Urj7vm6NvgFg9B+ZQ6fvzrRktdA2vNh9j8S9oBAr6/C1oPaZ6W Z6tXkeIYcQrQIMG1wKGtKCsOYvrvY7/6TQu5DzLY5y4QYvkX4apfqtB2b5cMiAgQ5QbXNR +tdZwUn7BIEMLdDmCyue7aPs/jakK0w= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-107-CKBav8n4O_C7CKrR0QsitA-1; Fri, 19 Mar 2021 15:56:08 -0400 X-MC-Unique: CKBav8n4O_C7CKrR0QsitA-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BABC11084D69; Fri, 19 Mar 2021 19:56:06 +0000 (UTC) Received: from horse.redhat.com (ovpn-114-114.rdu2.redhat.com [10.10.114.114]) by smtp.corp.redhat.com (Postfix) with ESMTP id D3F1C60C04; Fri, 19 Mar 2021 19:56:02 +0000 (UTC) Received: by horse.redhat.com (Postfix, from userid 10451) id 380D3220BCF; Fri, 19 Mar 2021 15:56:02 -0400 (EDT) From: Vivek Goyal To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, miklos@szeredi.hu Cc: vgoyal@redhat.com, lhenriques@suse.de, dgilbert@redhat.com, seth.forshee@canonical.com Subject: [PATCH 0/3] fuse: Fix clearing SGID when access ACL is set Date: Fri, 19 Mar 2021 15:55:44 -0400 Message-Id: <20210319195547.427371-1-vgoyal@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Luis reported that xfstests generic/375 fails with virtiofs. Little debugging showed that when posix access acl is set that in some cases SGID needs to be cleared and that does not happen with virtiofs. Setting posix access acl can lead to mode change and it can also lead to clear of SGID. fuse relies on file server taking care of all the mode changes. But file server does not have enough information to determine whether SGID should be cleared or not. Hence this patch series add support to send a flag in SETXATTR message to tell server to clear SGID. I have staged corresponding virtiofsd patches here. https://github.com/rhvgoyal/qemu/commits/acl-sgid-setxattr-flag With these patches applied "./check -g acl" passes now on virtiofs. Vivek Goyal (3): posic_acl: Add a helper determine if SGID should be cleared fuse: Add support for FUSE_SETXATTR_V2 fuse: Add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID fs/fuse/acl.c | 7 ++++++- fs/fuse/fuse_i.h | 5 ++++- fs/fuse/inode.c | 4 +++- fs/fuse/xattr.c | 21 +++++++++++++++------ fs/posix_acl.c | 3 +-- include/linux/posix_acl.h | 11 +++++++++++ include/uapi/linux/fuse.h | 17 +++++++++++++++++ 7 files changed, 57 insertions(+), 11 deletions(-) -- 2.25.4