Lucid backport for 069ddcda37b2cf5bb4b6031a944c0e9359213262

Tyler Hicks tyler.hicks at canonical.com
Mon Aug 6 22:40:36 UTC 2012 

On 2012-08-06 14:57:13, Tim Gardner wrote:
> On 08/06/2012 02:50 PM, Tim Gardner wrote:
> > Tyler - as far as I can tell the super block flags get initialized
> > outside of the ecryptfs code. Is this patch sufficient for 2.6.32.y ?

Yeah, I see where they're getting initialized in get_sb_nodev(), which
is called just before ecryptfs_read_super().

I do have a simple testcase for this bug in ecryptfs-utils. Let me know
if you want instructions on how to build and run the test.

Tyler

> > 
> > rtg
> > 
> 
> Doh! see attached.
> 
> -- 
> Tim Gardner tim.gardner at canonical.com

> From e573cb89603f26bfcdab92d510eb92a45d0d75b0 Mon Sep 17 00:00:00 2001
> From: Tyler Hicks <tyhicks at canonical.com>
> Date: Mon, 11 Jun 2012 15:42:32 -0700
> Subject: [PATCH] eCryptfs: Copy up POSIX ACL and read-only flags from lower
>  mount
> 
> BugLink: http://bugs.launchpad.net/bugs/1009207
> 
> When the eCryptfs mount options do not include '-o acl', but the lower
> filesystem's mount options do include 'acl', the MS_POSIXACL flag is not
> flipped on in the eCryptfs super block flags. This flag is what the VFS
> checks in do_last() when deciding if the current umask should be applied
> to a newly created inode's mode or not. When a default POSIX ACL mask is
> set on a directory, the current umask is incorrectly applied to new
> inodes created in the directory. This patch ignores the MS_POSIXACL flag
> passed into ecryptfs_mount() and sets the flag on the eCryptfs super
> block depending on the flag's presence on the lower super block.
> 
> Additionally, it is incorrect to allow a writeable eCryptfs mount on top
> of a read-only lower mount. This missing check did not allow writes to
> the read-only lower mount because permissions checks are still performed
> on the lower filesystem's objects but it is best to simply not allow a
> rw mount on top of ro mount. However, a ro eCryptfs mount on top of a rw
> mount is valid and still allowed.
> 
> https://launchpad.net/bugs/1009207
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Reported-by: Stefan Beller <stefanbeller at googlemail.com>
> Cc: John Johansen <john.johansen at canonical.com>
> (back ported from commit 069ddcda37b2cf5bb4b6031a944c0e9359213262)
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
>  fs/ecryptfs/main.c |    9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index e2f18ad..783f7fc 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -589,6 +589,15 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name,
>  	}
>  
>  	ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
> +
> +	/**
> +	 * Set the POSIX ACL flag based on whether they're enabled in the lower
> +	 * mount. Force a read-only eCryptfs mount if the lower mount is ro.
> +	 * Allow a ro eCryptfs mount even when the lower mount is rw.
> +	 */
> +	sb->s_flags &= ~MS_POSIXACL;
> +	sb->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL);
> +
>  	sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
>  	sb->s_blocksize = path.dentry->d_sb->s_blocksize;
>  	ecryptfs_set_dentry_lower(sb->s_root, path.dentry);
> -- 
> 1.7.9.5
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20120806/bc5f13d4/attachment.sig>

More information about the kernel-team mailing list