attr: add setattr_should_drop_sgid()

The current setgid stripping logic during write and ownership change operations is inconsistent and strewn over multiple places. In order to consolidate it and make more consistent we'll add a new helper setattr_should_drop_sgid(). The function retains the old behavior where we remove the S_ISGID bit unconditionally when S_IXGRP is set but also when it isn't set and the caller is neither in the group of the inode nor privileged over the inode. We will use this helper both in write operation permission removal such as file_remove_privs() as well as in ownership change operations. Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
author: Christian Brauner <brauner@kernel.org> 2022-10-17 17:06:36 +0200
committer: Christian Brauner (Microsoft) <brauner@kernel.org> 2022-10-18 10:09:47 +0200
commit: 72ae017c5451860443a16fb2a8c243bff3e396b8 (patch)
tree: 0cc22a26a159d6763b57a185976b5b1704da6700 /fs/internal.h
parent: e243e3f94c804ecca9a8241b5babe28f35258ef4 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/internal.h b/fs/internal.h
index 1de39bbc9ddd..771b0468d70c 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -236,3 +236,9 @@ int do_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
 		struct xattr_ctx *ctx);
 
 ssize_t __kernel_write_iter(struct file *file, struct iov_iter *from, loff_t *pos);
+
+/*
+ * fs/attr.c
+ */
+int setattr_should_drop_sgid(struct user_namespace *mnt_userns,
+			     const struct inode *inode);
author	Christian Brauner <brauner@kernel.org>	2022-10-17 17:06:36 +0200
committer	Christian Brauner (Microsoft) <brauner@kernel.org>	2022-10-18 10:09:47 +0200
commit	72ae017c5451860443a16fb2a8c243bff3e396b8 (patch)
tree	0cc22a26a159d6763b57a185976b5b1704da6700 /fs/internal.h
parent	e243e3f94c804ecca9a8241b5babe28f35258ef4 (diff)