fs: fix acl translation
Last cycle we extended the idmapped mounts infrastructure to support idmapped
mounts of idmapped filesystems (No such filesystem yet exist.).
Since then, the meaning of an idmapped mount is a mount whose idmapping is
different from the filesystems idmapping.
While doing that work we missed to adapt the acl translation helpers. They
still assume that checking for the identity mapping is enough. But they need to
use the no_idmapping() helper instead.
Note, POSIX ACLs are always translated right at the userspace-kernel boundary
using the caller's current idmapping and the initial idmapping. The order
depends on whether we're coming from or going to userspace. The filesystem's
idmapping doesn't matter at the border.
Consequently, if a non-idmapped mount is passed we need to make sure to always
pass the initial idmapping as the mount's idmapping and not the filesystem
idmapping. Since it's irrelevant here it would yield invalid ids and prevent
setting acls for filesystems that are mountable in a userns and support posix
acls (tmpfs and fuse).
A regression test will be added to xfstests in parallel.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215849
Fixes: bd303368b776 ("fs: support mapped mounts of mapped filesystems")
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org # 5.17
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
Hey Linus,
Last cycle we introduced a regression that got reported to me right over Easter
on Bugzilla. It is only relevant for 5.17 and current mainline. Could you
please apply this regression fix?
Thanks!
Christian
3 files changed
