Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 11: Extended Attributes and Access Control Lists


If the ACL is not yet cached, then first ext3_xattr_get is called to retrieve the raw data from the
extended attribute subsystem^4; the conversion from the on-disk to the in-memory representation is
performed with the aid of ext3_acl_from_disk. Before a pointer to this representation can be returned, the
cache field in question of ext3_inode_info is updated so that subsequent requests can directly get the
in-memory representation.

Modifying ACLs


The function ext3_acl_chmod is responsible for keeping ACLs up to date and consistent when the
(generic) attributes of a file are changed via ext3_setattr that is, in turn, called by the VFS layer and
thus triggered by the respective system calls from userspace. Since ext3_acl_chmod is called at the very
end of ext3_setattr, the new desired mode has already been set for the classical access control part
of the inode. A pointer to the instance of struct inode in question is thus sufficient as input data. The
operational logic of ext3_acl_chmod is depicted in the code flow diagram in Figure 11-11.

[Figure 11-11: Code flow diagram for ext3_acl_chmod. Steps shown: ext3_get_acl; get a cloned working copy of the ACL; posix_acl_chmod_masq; get handle; ext3_set_acl; stop journalling; release clone.]

After retrieving a pointer to the in-memory representation of the ACL data, a clone as working
copy is created using the helper function posix_acl_clone. The main work is delegated to
posix_acl_chmod_masq covered below. The remaining work for the Ext3 code deals with technical issues:
After a handle for the transaction has been obtained, ext3_set_acl is used to write back the modified
ACL data. Finally, the end of the operation is announced to the journal, and the clone is released.

The generic work of updating the ACL data is performed in posix_acl_chmod_masq by iterating over all
ACL entries. The relevant entries for the owning user and group as well as the generic entry for "other"
and mask entries are updated to reflect the new situation:

fs/posix_acl.c
int
posix_acl_chmod_masq(struct posix_acl *acl, mode_t mode)
{
        struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL;

(^4) Note that there are actually two calls to ext3_xattr_get: The first computes how much memory is needed to hold the data, then
the appropriate amount is allocated with vmalloc, and the second call of ext3_xattr_get actually transfers the desired data.
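
The effect of folding a new mode into an ACL, as an added userspace sketch (not the kernel source and not code from the book): when a mask entry exists, the group bits of the new mode land in the mask rather than in the owning-group entry, so a chmod narrows the effective rights of named users without touching their entries. The enum, struct, and function names are assumptions made for this example; the mask-before-group precedence follows POSIX ACL semantics.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified userspace model (assumption): not the kernel's types or tag values. */
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER };
struct entry { enum tag tag; unsigned perm; };

/* Fold a new mode into the ACL: owner and other take their bits directly;
 * the group-class bits go to the mask if present, else to the owning group. */
int model_chmod_masq(struct entry *acl, size_t n, unsigned mode)
{
    struct entry *group_obj = NULL, *mask_obj = NULL;
    for (size_t i = 0; i < n; i++) {
        switch (acl[i].tag) {
        case USER_OBJ:  acl[i].perm = (mode >> 6) & 7; break;
        case GROUP_OBJ: group_obj = &acl[i]; break;
        case MASK:      mask_obj = &acl[i]; break;
        case OTHER:     acl[i].perm = mode & 7; break;
        case USER: case GROUP: break;      /* named entries stay as they are */
        default: return -1;
        }
    }
    if (!mask_obj && !group_obj)
        return -1;                         /* no group-class entry to update */
    (mask_obj ? mask_obj : group_obj)->perm = (mode >> 3) & 7;
    return 0;
}

/* Effective rights of entry idx: every entry except owner and other is limited by the mask. */
unsigned effective(const struct entry *acl, size_t n, size_t idx)
{
    unsigned perm = acl[idx].perm;
    for (size_t i = 0; i < n; i++)
        if (acl[i].tag == MASK && acl[idx].tag != USER_OBJ && acl[idx].tag != OTHER)
            perm &= acl[i].perm;
    return perm;
}

/* Constructed sample: user::rw-, user:<named>:rw-, group::r--, mask::rw-, other::r-- */
unsigned named_user_after_chmod(unsigned mode)
{
    struct entry acl[] = { {USER_OBJ, 6}, {USER, 6}, {GROUP_OBJ, 4}, {MASK, 6}, {OTHER, 4} };
    return model_chmod_masq(acl, 5, mode) ? ~0u : effective(acl, 5, 1);
}

int main(void)
{
    printf("0600 -> %o, 0640 -> %o\n", named_user_after_chmod(0600), named_user_after_chmod(0640));
    return 0;
}
```

The named user's stored entry remains rw- in every case; only the mask changes, which is why the effective rights drop after a restrictive chmod.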
