diff options
author | Andreas Gruenbacher <agruen@suse.de> | 2005-12-20 16:29:05 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-12-20 10:31:33 -0800 |
commit | b7964c3d88668cef57e1a99861477168eeff4743 (patch) | |
tree | 8672bb2693fccdb97eaad46c7d59ef3c2ff069bf /fs/nfsd | |
parent | 9e28393998d3d0733097306762f6d1c083fc92c6 (diff) | |
download | kernel-common-b7964c3d88668cef57e1a99861477168eeff4743.tar.gz kernel-common-b7964c3d88668cef57e1a99861477168eeff4743.tar.bz2 kernel-common-b7964c3d88668cef57e1a99861477168eeff4743.zip |
[PATCH] nfsd: check for read-only exports before setting acls
We must check for MAY_SATTR before setting acls, which includes checking
for read-only exports: the lower-level setxattr operation that
eventually sets the acl cannot check export-level restrictions.
Bug reported by Martin Walter <mawa@uni-freiburg.de>.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/nfsd')
-rw-r--r-- | fs/nfsd/nfs2acl.c | 2 | ||||
-rw-r--r-- | fs/nfsd/nfs3acl.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c index 7cbf0682b2f0..fc95c4df6693 100644 --- a/fs/nfsd/nfs2acl.c +++ b/fs/nfsd/nfs2acl.c @@ -107,7 +107,7 @@ static int nfsacld_proc_setacl(struct svc_rqst * rqstp, dprintk("nfsd: SETACL(2acl) %s\n", SVCFH_fmt(&argp->fh)); fh = fh_copy(&resp->fh, &argp->fh); - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP); + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR); if (!nfserr) { nfserr = nfserrno( nfsd_set_posix_acl( diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c index 64ba40572fea..16e10c170aed 100644 --- a/fs/nfsd/nfs3acl.c +++ b/fs/nfsd/nfs3acl.c @@ -101,7 +101,7 @@ static int nfsd3_proc_setacl(struct svc_rqst * rqstp, int nfserr = 0; fh = fh_copy(&resp->fh, &argp->fh); - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP); + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR); if (!nfserr) { nfserr = nfserrno( nfsd_set_posix_acl( |