lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240322154812.215369-1-lizetao1@huawei.com>
Date: Fri, 22 Mar 2024 23:48:07 +0800
From: Li Zetao <lizetao1@...wei.com>
To: <richard@....at>, <chengzhihao1@...wei.com>, <corbet@....net>,
	<kent.overstreet@...ux.dev>, <agruenba@...hat.com>
CC: <lizetao1@...wei.com>, <linux-mtd@...ts.infradead.org>,
	<linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [RFC PATCH v2 0/5] ubifs: Support POSIX Access Control Lists (ACLs)

Hi,

This patchset is base on [1] and [2], adding implementation of ACLs for
ubifs.

Implement ACLs features based on POSIX to solve some difficulties that
require fine-grained access control. At the same time, it is also to
facilitate cross-file system migration.

In order to simplify the implementation, only v2 version POSIX ACLs are
implemented, eliminating the need for in-memory and on-flash format
conversion. And no need to implement security xattr handler in ubifs.

Some testcases have been tested and passed:
  * generic testcases (modified version) for acl group in xfstest[3], they are generic/026/053/077/099/105/237/307/318/319/375/389/444/449/529/697.
  * tacl_xattr.sh (modified version) in LTP[4].

[1]: https://lore.kernel.org/linux-mtd/1441962597-13543-1-git-send-email-shengyong1@huawei.com/
[2]: https://lore.kernel.org/linux-mtd/1476046382-19185-1-git-send-email-pascal.eberhard@gmail.com/
[3]: https://kernel.googlesource.com/pub/scm/fs/xfs/xfstests-dev/+/refs/heads/master/tests/generic/
[4]: https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/fs/acl/tacl_xattr.sh

Changelog:
v1 -> v2:
  * Adjust patch order.
  * Modify ubifs_xattr_remove to an external function to remove the
  * xattr of ACL.
  * Fix handling of updating file mode via ACL.

v1: https://lore.kernel.org/all/20240319161646.2153867-1-lizetao1@huawei.com/


Li Zetao (5):
  ubifs: Add ACLs config option
  ubifs: Implement POSIX Access Control Lists (ACLs)
  ubifs: Initialize or update ACLs for inode
  ubifs: Support accessing ACLs through inode_operations
  ubifs: Introduce ACLs mount options

 Documentation/filesystems/ubifs.rst |   4 +
 fs/ubifs/Kconfig                    |  14 ++
 fs/ubifs/Makefile                   |   1 +
 fs/ubifs/acl.c                      | 192 ++++++++++++++++++++++++++++
 fs/ubifs/dir.c                      |  22 ++++
 fs/ubifs/file.c                     |   6 +
 fs/ubifs/super.c                    |  41 ++++++
 fs/ubifs/ubifs.h                    |  16 +++
 fs/ubifs/xattr.c                    |   3 +-
 9 files changed, 297 insertions(+), 2 deletions(-)
 create mode 100644 fs/ubifs/acl.c

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ