Chapter 11: Extended Attributes and Access Control Lists
If the ACL is not yet cached, then first ext3_xattr_get is called to retrieve the raw data from the
extended attribute subsystem^4; the conversion from the on-disk to the in-memory representation is
performed with the aid of ext3_acl_from_disk. Before a pointer to this representation can be returned, the
cache field in question of ext3_inode_info is updated so that subsequent requests can directly get the
in-memory representation.
Modifying ACLs
The function ext3_acl_chmod is responsible for keeping ACLs up to date and consistent when the
(generic) attributes of a file are changed via ext3_setattr that is, in turn, called by the VFS layer and
thus triggered by the respective system calls from userspace. Since ext3_acl_chmod is called at the very
end of ext3_setattr, the new desired mode has already been set for the classical access control part
of the inode. A pointer to the instance of struct inode in question is thus sufficient as input data. The
operational logic of ext3_acl_chmod is depicted in the code flow diagram in Figure 11-11.
[Figure 11-11: Code flow diagram for ext3_acl_chmod. Steps shown: ext3_get_acl; get a cloned working copy of the ACL; posix_acl_chmod_masq; get handle; ext3_set_acl; stop journalling; release clone.]
After retrieving a pointer to the in-memory representation of the ACL data, a clone as working
copy is created using the helper function posix_acl_clone. The main work is delegated to
posix_acl_chmod_masq covered below. The remaining work for the Ext3 code deals with technical issues:
After a handle for the transaction has been obtained, ext3_set_acl is used to write back the modified
ACL data. Finally, the end of the operation is announced to the journal, and the clone is released.
The generic work of updating the ACL data is performed in posix_acl_chmod_masq by iterating over all
ACL entries. The relevant entries for the owning user and group as well as the generic entry for "other"
and mask entries are updated to reflect the new situation:
fs/posix_acl.c
int
posix_acl_chmod_masq(struct posix_acl *acl, mode_t mode)
{
	struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL;
(^4) Note that there are actually two calls to ext3_xattr_get: The first computes how much memory is needed to hold the data, then
the appropriate amount is allocated with vmalloc, and the second call of ext3_xattr_get actually transfers the desired data.