fuse: support idmapped ->permission inode op

We only cover the case when "default_permissions" flag is used. A reason for that is that otherwise all the permission checks are done in the userspace and we have to deal with VFS idmapping in the userspace (which is bad), alternatively we have to provide the userspace with idmapped req->in.h.uid/req->in.h.gid which is also not align with VFS idmaps philosophy. Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2024-11-24 21:21:41 +00:00 · 2024-09-03 17:16:18 +02:00 · 2024-09-03 17:16:18 +02:00 · c1d82215d3
commit c1d82215d3
parent 2a8c810d5e
1 changed files with 2 additions and 2 deletions
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@ -1545,7 +1545,7 @@ static int fuse_permission(struct mnt_idmap *idmap,
 	}

 	if (fc->default_permissions) {
-		err = generic_permission(&nop_mnt_idmap, inode, mask);
+		err = generic_permission(idmap, inode, mask);

 		/* If permission is denied, try to refresh file
 		   attributes.  This is also needed, because the root
@ -1553,7 +1553,7 @@ static int fuse_permission(struct mnt_idmap *idmap,
 		if (err == -EACCES && !refreshed) {
 			err = fuse_perm_getattr(inode, mask);
 			if (!err)
-				err = generic_permission(&nop_mnt_idmap,
+				err = generic_permission(idmap,
 							 inode, mask);
 		}