[Devel] [PATCH rh7] ve/device_cgroup: kill ACC_QUOTA permission

Andrey Ryabinin aryabinin at virtuozzo.com
Thu Jun 16 08:21:41 PDT 2016 

This is a leftover from PCS6. Currently this code does absolutely
nothing, so let's remove it.

Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 include/linux/fs.h       |  1 -
 security/device_cgroup.c | 13 ++-----------
 2 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/include/linux/fs.h b/include/linux/fs.h
index b035f62..1d0f27c 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -77,7 +77,6 @@ typedef void (dio_iodone_t)(struct kiocb *iocb, loff_t offset,
 /* called from RCU mode, don't block */
 #define MAY_NOT_BLOCK		0x00000080
 /* for devgroup-vs-openvz only */
-#define MAY_QUOTACTL		0x00010000
 #define MAY_MOUNT		0x00020000
 
 /*
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 08e80a5..2fa4979 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -22,10 +22,9 @@
 #define ACC_MKNOD 1
 #define ACC_READ  2
 #define ACC_WRITE 4
-#define ACC_QUOTA 8
 #define ACC_HIDDEN 16
 #define ACC_MOUNT 64
-#define ACC_MASK (ACC_MKNOD | ACC_READ | ACC_WRITE | ACC_QUOTA | ACC_MOUNT)
+#define ACC_MASK (ACC_MKNOD | ACC_READ | ACC_WRITE | ACC_MOUNT)
 
 #define DEV_BLOCK 1
 #define DEV_CHAR  2
@@ -925,8 +924,6 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
 		access |= ACC_WRITE;
 	if (mask & MAY_READ)
 		access |= ACC_READ;
-	if (mask & MAY_QUOTACTL)
-		access |= ACC_QUOTA;
 	if (mask & MAY_MOUNT)
 		access |= ACC_MOUNT;
 
@@ -946,8 +943,6 @@ int devcgroup_device_permission(umode_t mode, dev_t dev, int mask)
 		access |= ACC_WRITE;
 	if (mask & MAY_READ)
 		access |= ACC_READ;
-	if (mask & MAY_QUOTACTL)
-		access |= ACC_QUOTA;
 
 	return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), access);
 }
@@ -956,7 +951,7 @@ int devcgroup_device_visible(umode_t mode, int major, int start_minor, int nr_mi
 {
 	struct dev_cgroup *dev_cgroup;
 	struct dev_exception_item *ex;
-	short access = ACC_READ | ACC_WRITE | ACC_QUOTA;
+	short access = ACC_READ | ACC_WRITE;
 	bool match = false;
 
 	rcu_read_lock();
@@ -1060,8 +1055,6 @@ static unsigned decode_ve_perms(unsigned perm)
 		mask |= ACC_READ;
 	if (perm & S_IWOTH)
 		mask |= ACC_WRITE;
-	if (perm & S_IXGRP)
-		mask |= ACC_QUOTA;
 	if (perm & S_IXUSR)
 		mask |= ACC_MOUNT;
 
@@ -1076,8 +1069,6 @@ static unsigned encode_ve_perms(unsigned mask)
 		perm |= S_IROTH;
 	if (mask & ACC_WRITE)
 		perm |= S_IWOTH;
-	if (mask & ACC_QUOTA)
-		perm |= S_IXGRP;
 	if (mask & ACC_MOUNT)
 		perm |= S_IXUSR;
 
-- 
2.7.3

More information about the Devel mailing list