NeilBrown <ne...@suse.com> wrote:
> diff --git a/fs/afs/security.c b/fs/afs/security.c
> index 81dfedb7879f..ac2e39de8bff 100644
> --- a/fs/afs/security.c
> +++ b/fs/afs/security.c
> @@ -349,6 +349,16 @@ int afs_permission(struct inode *inode, int mask)
> if (mask & MAY_NOT_BLOCK)
> return -ECHILD;
>
> + /* Short-circuit for owner */
> + if (mask & MAY_ACT_AS_OWNER) {
> + if (inode_owner_or_capable(inode))
You don't know that inode->i_uid in meaningful. You may have noticed that
afs_permission() ignores i_uid and i_gid entirely. It queries the server (if
this information is not otherwise cached) to ask what permits the user is
granted - where the user identity is defined by the key returned from
afs_request_key()[*].
So, NAK for the afs piece.
David
[*] If there's no appropriate key, anonymous permits will be used.
