summaryrefslogtreecommitdiffstats
path: root/include/uapi
diff options
context:
space:
mode:
authorMiklos Szeredi <mszeredi@redhat.com>2022-11-10 15:46:33 +0100
committerMiklos Szeredi <mszeredi@redhat.com>2023-01-26 17:10:38 +0100
commit8ed7cb3f279fe67a93f407ee2ec3ea661a483a65 (patch)
treecdce22c462eab384ddfa139affcedfd28b7e93c8 /include/uapi
parent15d937d7ca8c55d2b0ce9116e20c780fdd0b67cc (diff)
downloadlinux-stable-8ed7cb3f279fe67a93f407ee2ec3ea661a483a65.tar.gz
linux-stable-8ed7cb3f279fe67a93f407ee2ec3ea661a483a65.tar.bz2
linux-stable-8ed7cb3f279fe67a93f407ee2ec3ea661a483a65.zip
fuse: optional supplementary group in create requests
Permission to create an object (create, mkdir, symlink, mknod) needs to take supplementary groups into account. Add a supplementary group request extension. This can contain an arbitrary number of group IDs and can be added to any request. This extension is not added to any request by default. Add FUSE_CREATE_SUPP_GROUP init flag to enable supplementary group info in creation requests. This adds just a single supplementary group that matches the parent group in the case described above. In other cases the extension is not added. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'include/uapi')
-rw-r--r--include/uapi/linux/fuse.h17
1 files changed, 17 insertions, 0 deletions
diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h
index c71f12429e3d..1b9d0dfae72d 100644
--- a/include/uapi/linux/fuse.h
+++ b/include/uapi/linux/fuse.h
@@ -204,6 +204,8 @@
* - add total_extlen to fuse_in_header
* - add FUSE_MAX_NR_SECCTX
* - add extension header
+ * - add FUSE_EXT_GROUPS
+ * - add FUSE_CREATE_SUPP_GROUP
*/
#ifndef _LINUX_FUSE_H
@@ -365,6 +367,8 @@ struct fuse_file_lock {
* FUSE_SECURITY_CTX: add security context to create, mkdir, symlink, and
* mknod
* FUSE_HAS_INODE_DAX: use per inode DAX
+ * FUSE_CREATE_SUPP_GROUP: add supplementary group info to create, mkdir,
+ * symlink and mknod (single group that matches parent)
*/
#define FUSE_ASYNC_READ (1 << 0)
#define FUSE_POSIX_LOCKS (1 << 1)
@@ -401,6 +405,7 @@ struct fuse_file_lock {
/* bits 32..63 get shifted down 32 bits into the flags2 field */
#define FUSE_SECURITY_CTX (1ULL << 32)
#define FUSE_HAS_INODE_DAX (1ULL << 33)
+#define FUSE_CREATE_SUPP_GROUP (1ULL << 34)
/**
* CUSE INIT request/reply flags
@@ -509,10 +514,12 @@ struct fuse_file_lock {
/**
* extension type
* FUSE_MAX_NR_SECCTX: maximum value of &fuse_secctx_header.nr_secctx
+ * FUSE_EXT_GROUPS: &fuse_supp_groups extension
*/
enum fuse_ext_type {
/* Types 0..31 are reserved for fuse_secctx_header */
FUSE_MAX_NR_SECCTX = 31,
+ FUSE_EXT_GROUPS = 32,
};
enum fuse_opcode {
@@ -1073,4 +1080,14 @@ struct fuse_ext_header {
uint32_t type;
};
+/**
+ * struct fuse_supp_groups - Supplementary group extension
+ * @nr_groups: number of supplementary groups
+ * @groups: flexible array of group IDs
+ */
+struct fuse_supp_groups {
+ uint32_t nr_groups;
+ uint32_t groups[];
+};
+
#endif /* _LINUX_FUSE_H */