linux-hardened/fs/ocfs2
Jan Kara 19ec8e4858 ocfs2: don't clear SGID when inheriting ACLs
When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
set, DIR1 is expected to have SGID bit set (and owning group equal to
the owning group of 'DIR0').  However when 'DIR0' also has some default
ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
'DIR1' to get cleared if user is not member of the owning group.

Fix the problem by moving posix_acl_update_mode() out of ocfs2_set_acl()
into ocfs2_iop_set_acl().  That way the function will not be called when
inheriting ACLs which is what we want as it prevents SGID bit clearing
and the mode has been properly set by posix_acl_create() anyway.  Also
posix_acl_chmod() that is calling ocfs2_set_acl() takes care of updating
mode itself.

Fixes: 073931017b ("posix_acl: Clear SGID bit when setting file permissions")
Link: http://lkml.kernel.org/r/20170801141252.19675-3-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Mark Fasheh <mfasheh@versity.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-08-02 17:16:13 -07:00
..
cluster ocfs2: free 'dummy_sc' in sc_fop_release() to prevent memory leak 2017-07-06 16:24:30 -07:00
dlm sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
dlmfs sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
acl.c ocfs2: don't clear SGID when inheriting ACLs 2017-08-02 17:16:13 -07:00
acl.h ocfs2: fix posix_acl_create deadlock 2016-05-12 15:52:50 -07:00
alloc.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
alloc.h ocfs2: retry on ENOSPC if sufficient space in truncate log 2016-08-02 17:31:41 -04:00
aops.c fs: add i_blocksize() 2017-02-27 18:43:46 -08:00
aops.h ocfs2: clean up unused 'page' parameter in ocfs2_write_end_nolock() 2016-12-12 18:55:06 -08:00
blockcheck.c
blockcheck.h
buffer_head_io.c block,fs: untangle fs.h and blk_types.h 2016-11-01 09:43:26 -06:00
buffer_head_io.h
dcache.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
dcache.h
dir.c ocfs2: fix not enough credit panic 2016-11-11 08:12:37 -08:00
dir.h VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
dlmglue.c ocfs2: fix deadlock caused by recursive locking in xattr 2017-06-23 16:15:55 -07:00
dlmglue.h ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 2017-02-22 16:41:27 -08:00
export.c ocfs2: Use ERR_CAST() to avoid cross-structure cast 2017-05-28 10:11:49 -07:00
export.h
extent_map.c ocfs2: neaten do_error, ocfs2_error and ocfs2_abort 2015-09-04 16:54:41 -07:00
extent_map.h
file.c statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
file.h statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
filecheck.c ocfs2: sysfile interfaces for online file check 2016-03-22 15:36:02 -07:00
filecheck.h ocfs2: sysfile interfaces for online file check 2016-03-22 15:36:02 -07:00
heartbeat.c
heartbeat.h
inode.c ocfs2: fix a static checker warning 2017-07-06 16:24:30 -07:00
inode.h ocfs2: convert inode refcount test to a helper 2016-12-10 12:39:45 -08:00
ioctl.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
ioctl.h
journal.c ocfs2: use time64_t to represent orphan scan times 2016-12-12 18:55:06 -08:00
journal.h jbd2: add support for avoiding data writes during transaction commits 2016-04-24 00:56:07 -04:00
Kconfig
localalloc.c ocfs2: fix occurring deadlock by changing ocfs2_wq from global to local 2016-03-25 16:37:42 -07:00
localalloc.h
locks.c ocfs2: fix flock panic issue 2015-12-29 17:45:49 -08:00
locks.h
Makefile ocfs2: disable BUG assertions in reading blocks 2016-06-24 17:23:52 -07:00
mmap.c mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmf 2017-02-24 17:46:54 -08:00
mmap.h
move_extents.c ocfs2: convert inode refcount test to a helper 2016-12-10 12:39:45 -08:00
move_extents.h
namei.c ocfs2: replace CURRENT_TIME macro 2016-12-12 18:55:06 -08:00
namei.h ocfs2: do not include dio entry in case of orphan scan 2015-11-05 19:34:48 -08:00
ocfs1_fs_compat.h
ocfs2.h ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 2017-02-22 16:41:27 -08:00
ocfs2_fs.h ocfs2: use magic.h 2017-07-06 16:24:30 -07:00
ocfs2_ioctl.h
ocfs2_lockid.h
ocfs2_lockingver.h
ocfs2_trace.h switch generic_file_splice_read() to use of ->read_iter() 2016-10-05 18:23:56 -04:00
quota.h quota: constify qtree_fmt_operations structures 2016-01-04 10:58:35 +01:00
quota_global.c ocfs2: Protect periodic quota syncing with s_umount semaphore 2016-11-30 08:36:54 +01:00
quota_local.c ocfs2: Use s_umount for quota recovery protection 2016-11-30 08:37:21 +01:00
refcounttree.c vfs: fix isize/pos/len checks for reflink & dedupe 2016-12-22 23:00:23 -05:00
refcounttree.h ocfs2: implement the VFS clone_range, copy_range, and dedupe_range features 2016-12-10 12:39:45 -08:00
reservations.c ocfs2: make resv_lock spinlock static 2015-02-10 14:30:29 -08:00
reservations.h
resize.c ocfs2: solve a problem of crossing the boundary in updating backups 2016-03-25 16:37:42 -07:00
resize.h
slot_map.c ocfs2: clean up an unneeded goto in ocfs2_put_slot() 2016-05-19 19:12:14 -07:00
slot_map.h
stack_o2cb.c ocfs2: avoid a pointless delay in o2cb_cluster_check() 2015-04-14 16:48:57 -07:00
stack_user.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
stackglue.c ocfs2: constify attribute_group structures 2017-07-06 16:24:30 -07:00
stackglue.h ocfs2: fix crash caused by stale lvb with fsdlm plugin 2017-01-10 18:31:54 -08:00
suballoc.c ocfs2: fix double unlock in case retry after free truncate log 2016-09-19 15:36:17 -07:00
suballoc.h
super.c fs: switch ->s_uuid to uuid_t 2017-06-05 16:59:12 +02:00
super.h ocfs2: fix occurring deadlock by changing ocfs2_wq from global to local 2016-03-25 16:37:42 -07:00
symlink.c vfs: remove ".readlink = generic_readlink" assignments 2016-12-09 16:45:04 +01:00
symlink.h
sysfile.c
sysfile.h
uptodate.c ocfs2: remove NULL assignments on static 2014-06-04 16:53:53 -07:00
uptodate.h
xattr.c ocfs2: fix deadlock caused by recursive locking in xattr 2017-06-23 16:15:55 -07:00
xattr.h ocfs2: fix posix_acl_create deadlock 2016-05-12 15:52:50 -07:00