On Fri, Apr 15, 2022 at 07:02:18PM +0800, Yang Xu wrote:
> If underflying filesystem doesn't enable own CONFIG_FS_POSIX_ACL, then
> posix_acl_create can't be called. So we will miss umask strip, ie
> use ext4 with noacl or disblae CONFIG_EXT4_FS_POSIX_ACL.
Hm, maybe:
"All creation paths except for O_TMPFILE handle umask in the vfs
directly if the filesystem doesn't support or enable POSIX ACLs. If the
filesystem does then umask handling is deferred until
posix_acl_create().
Because, O_TMPFILE misses umask handling in the vfs it will not honor
umask settings. Fix this by adding the missing umask handling."
>
> Reported-by: Christian Brauner (Microsoft) <[email protected]>
> Signed-off-by: Yang Xu <[email protected]>
> ---
Acked-by: Christian Brauner (Microsoft) <[email protected]>
> fs/namei.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/namei.c b/fs/namei.c
> index 3f1829b3ab5b..bbc7c950bbdc 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -3521,6 +3521,8 @@ struct dentry *vfs_tmpfile(struct user_namespace *mnt_userns,
> child = d_alloc(dentry, &slash_name);
> if (unlikely(!child))
> goto out_err;
> + if (!IS_POSIXACL(dir))
> + mode &= ~current_umask();
> error = dir->i_op->tmpfile(mnt_userns, dir, child, mode);
> if (error)
> goto out_err;
> --
> 2.27.0
>
on 2022/4/15 22:17, Christian Brauner wrote:
> On Fri, Apr 15, 2022 at 07:02:18PM +0800, Yang Xu wrote:
>> If underflying filesystem doesn't enable own CONFIG_FS_POSIX_ACL, then
>> posix_acl_create can't be called. So we will miss umask strip, ie
>> use ext4 with noacl or disblae CONFIG_EXT4_FS_POSIX_ACL.
>
> Hm, maybe:
>
> "All creation paths except for O_TMPFILE handle umask in the vfs
> directly if the filesystem doesn't support or enable POSIX ACLs. If the
> filesystem does then umask handling is deferred until
> posix_acl_create().
> Because, O_TMPFILE misses umask handling in the vfs it will not honor
> umask settings. Fix this by adding the missing umask handling."
OK, will do it on v4.
Best Regards
Yang Xu
>
>>
>> Reported-by: Christian Brauner (Microsoft)<[email protected]>
>> Signed-off-by: Yang Xu<[email protected]>
>> ---
>
> Acked-by: Christian Brauner (Microsoft)<[email protected]>
>
>> fs/namei.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/fs/namei.c b/fs/namei.c
>> index 3f1829b3ab5b..bbc7c950bbdc 100644
>> --- a/fs/namei.c
>> +++ b/fs/namei.c
>> @@ -3521,6 +3521,8 @@ struct dentry *vfs_tmpfile(struct user_namespace *mnt_userns,
>> child = d_alloc(dentry,&slash_name);
>> if (unlikely(!child))
>> goto out_err;
>> + if (!IS_POSIXACL(dir))
>> + mode&= ~current_umask();
>> error = dir->i_op->tmpfile(mnt_userns, dir, child, mode);
>> if (error)
>> goto out_err;
>> --
>> 2.27.0
>>