[PATCH] nfsd: check for read-only exports before setting acls

We must check for MAY_SATTR before setting acls, which includes checking for read-only exports: the lower-level setxattr operation that eventually sets the acl cannot check export-level restrictions. Bug reported by Martin Walter <[email protected]>. Signed-off-by: Andreas Gruenbacher <[email protected]> Acked-by: Trond Myklebust <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
goeke · Dec 20, 2005 · b7964c3 · b7964c3
1 parent 9e28393
commit b7964c3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
@@ -107,7 +107,7 @@ static int nfsacld_proc_setacl(struct svc_rqst * rqstp,
 	dprintk("nfsd: SETACL(2acl)   %s\n", SVCFH_fmt(&argp->fh));
 
 	fh = fh_copy(&resp->fh, &argp->fh);
-	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
+	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR);
 
 	if (!nfserr) {
 		nfserr = nfserrno( nfsd_set_posix_acl(

diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
@@ -101,7 +101,7 @@ static int nfsd3_proc_setacl(struct svc_rqst * rqstp,
 	int nfserr = 0;
 
 	fh = fh_copy(&resp->fh, &argp->fh);
-	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
+	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR);
 
 	if (!nfserr) {
 		nfserr = nfserrno( nfsd_set_posix_acl(