Whamcloud - gitweb
LU-9859 libcfs: simplify capability dropping. 57/41957/3
author NeilBrown <neilb@suse.de>
Mon, 1 Mar 2021 14:15:45 +0000 (09:15 -0500)
committer Oleg Drokin <green@whamcloud.com>
Sat, 10 Apr 2021 17:40:33 +0000 (17:40 +0000)
Lustre has a 'squash credentials' concept similar to the "anon_uid"
for nfsd.  When accessing a file with squashed credentials, we
need to also drop capabilities.
Linux has cap_drop_fs_set() and cap_drop_nfsd_set().  Rather than
taking a completely different approach, this patch changes lustre
to use this same cap_drop_*_set() approach.

With this change we also drop CAP_MKNOD and CAP_MAC_OVERRIDE
which are probably appropriate, and don't drop
CAP_SYS_ADMIN or CAP_SYS_BOOT which should be irrelevant for
file permission checking.

Calling both cap_drop_*_set() seems a bit clumsy, but gets
the job done.

Linux-commit: f497115d4cf8a430c5d9902ce35716ba5f9c21ef

Change-Id: I2f4f691bc4ad090f6abaa4e13eb473bf8d904b23
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-on: https://review.whamcloud.com/41957
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
libcfs/include/libcfs/curproc.h
lustre/llite/file.c

index 296e2d0..197c0c9 100644 (file)
 
 typedef __u32 cfs_cap_t;
 
-#define CFS_CAP_FS_MASK        (BIT(CAP_CHOWN)                 |       \
-                        BIT(CAP_DAC_OVERRIDE)          |       \
-                        BIT(CAP_DAC_READ_SEARCH)       |       \
-                        BIT(CAP_FOWNER)                |       \
-                        BIT(CAP_FSETID)                |       \
-                        BIT(CAP_LINUX_IMMUTABLE)       |       \
-                        BIT(CAP_SYS_ADMIN)             |       \
-                        BIT(CAP_SYS_BOOT)              |       \
-                        BIT(CAP_SYS_RESOURCE))
-
 static inline cfs_cap_t cfs_curproc_cap_pack(void)
 {
        /* cfs_cap_t is only the first word of kernel_cap_t */
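Review bot: please confirm that nothing else in the tree still references CFS_CAP_FS_MASK before deleting the define at the top of this header. The only converted user visible in this patch is the loop in ll_inode_permission(), and any remaining reference would break the build. The removed list is also the only place in Lustre that documented which capabilities a squashed credential loses (it named CAP_SYS_ADMIN and CAP_SYS_BOOT, which the commit message says are no longer dropped), so that documentation should move to the call site rather than disappear with the macro.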
index df25d52..0149146 100644 (file)
@@ -5265,7 +5265,6 @@ int ll_inode_permission(struct inode *inode, int mask)
        struct root_squash_info *squash;
        struct cred *cred = NULL;
        const struct cred *old_cred = NULL;
-       cfs_cap_t cap;
        bool squash_id = false;
        ktime_t kstart = ktime_get();
 
@@ -5309,10 +5308,9 @@ int ll_inode_permission(struct inode *inode, int mask)
 
                cred->fsuid = make_kuid(&init_user_ns, squash->rsi_uid);
                cred->fsgid = make_kgid(&init_user_ns, squash->rsi_gid);
-               for (cap = 0; cap < sizeof(cfs_cap_t) * 8; cap++) {
-                       if (BIT(cap) & CFS_CAP_FS_MASK)
-                               cap_lower(cred->cap_effective, cap);
-               }
+               cred->cap_effective = cap_drop_nfsd_set(cred->cap_effective);
+               cred->cap_effective = cap_drop_fs_set(cred->cap_effective);
+
                old_cred = override_creds(cred);
        }
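Review bot: the two chained cap_drop_nfsd_set() / cap_drop_fs_set() assignments to cred->cap_effective need a comment stating why both are applied and which capabilities the squashed credential deliberately keeps. The removed loop cleared CAP_SYS_ADMIN and CAP_SYS_BOOT through CFS_CAP_FS_MASK, and the commit message says those are now left set while CAP_MKNOD and CAP_MAC_OVERRIDE are newly dropped. None of that is visible here, so a later reader cannot tell that leaving CAP_SYS_ADMIN in the effective set of a squashed credential is intentional and not an oversight. A short comment above the two lines, for example "/* drop the union of the nfsd and fs capability sets; CAP_SYS_ADMIN and CAP_SYS_BOOT are left alone as they do not affect file permission checks */", would record the decision. As in the code it replaces, only cap_effective is lowered; if that is the intended scope it is worth saying so in the same comment.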