summaryrefslogtreecommitdiffstats
path: root/fs/orangefs/acl.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* posix_acl: Clear SGID bit when setting file permissionsJan Kara2016-09-221-10/+5
| | | | | | | | | | | | | | When file permissions are modified via chmod(2) and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod(2). Fix that. References: CVE-2016-7097 Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
* orangefs: Remove useless xattr prefix argumentsAndreas Gruenbacher2016-07-051-6/+3
| | | | | | | | | | | | | | | | Mike, On Fri, Jun 3, 2016 at 9:44 PM, Mike Marshall <hubcap@omnibond.com> wrote: > We use the return value in this one line you changed, our userspace code gets > ill when we send it (-ENOMEM +1) as a key length... ah, my mistake. Here's a fixed version. Thanks, Andreas Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>
* orangefs: Remove useless definesAndreas Gruenbacher2016-07-051-4/+4
| | | | | | | | The ORANGEFS_XATTR_INDEX_ defines are unused; the ORANGEFS_XATTR_NAME_ defines only obfuscate the code. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>
* Orangefs: change pvfs2 filenames to orangefsMike Marshall2015-12-041-2/+2
| | | | | | | Also changed references within source files that referred to header files whose names had changed. Signed-off-by: Mike Marshall <hubcap@omnibond.com>
* OrangeFS: Change almost all instances of the string PVFS2 to OrangeFS.Yi Liu2015-12-031-21/+21
| | | | | | | | | | | | | | | | | | | | | | OrangeFS was formerly known as PVFS2 and retains the name in many places. I leave the device /dev/pvfs2-req since this affects userspace. I leave the filesystem type pvfs2 since this affects userspace. Further the OrangeFS sysint library reads fstab for an entry of type pvfs2 independently of kernel mounts. I leave extended attribute keys user.pvfs2 and system.pvfs2 as the sysint library understands these. I leave references to userspace binaries still named pvfs2. I leave the filenames. Signed-off-by: Yi Liu <yi9@clemson.edu> [martin@omnibond.com: clairify above constraints and merge] Signed-off-by: Martin Brandenburg <martin@omnibond.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>
* Orangefs: kernel client part 2Mike Marshall2015-10-031-0/+175
Signed-off-by: Mike Marshall <hubcap@omnibond.com>