fs/vfs: add parent-directory permission checks for unlink, mkdir and rename#18902
Open
Abhishekmishra2808 wants to merge 1 commit into
Open
fs/vfs: add parent-directory permission checks for unlink, mkdir and rename#18902Abhishekmishra2808 wants to merge 1 commit into
Abhishekmishra2808 wants to merge 1 commit into
Conversation
Abhishekmishra2808
requested review from
Donny9,
GUIDINGLI,
btashton,
jerpelea,
pkarashchenko and
xiaoxiang781216
as code owners
Abhishekmishra2808
changed the title
github-actions
Bot
added
Area: File System
Add pseudoFS permission enforcement for unlink(), mkdir(), and rename() VFS mutation operations. This change validates parent-directory permissions before modifying pseudoFS inode topology and returns -EACCES for unauthorized operations. The implementation preserves mountpoint filesystem behavior and fixes multiple inode lifetime/search-state issues in the rename path. Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
Abhishekmishra2808
force-pushed
the
fs/inode-checkperm-vfs-ops
branch
from
a90a4d0 to
0e9e246
Compare
| return OK; | ||
| } | ||
|
|
||
| if ((oflags & O_RDOK) != 0) |
Contributor
There was a problem hiding this comment.
move out of if/else to avoid the dup with line 257-265
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note: Please adhere to Contributing Guidelines.
Summary
Implemented pseudoFS permission enforcement for VFS mutation operations:
unlink(),mkdir(), andrename().This change introduces parent-directory permission validation using
inode_checkdirperm()before modifying pseudoFS inode topology. Unauthorized operations now correctly return -EACCES based on effective uid/gid and inode mode bits.The implementation preserves existing mountpoint filesystem behavior and correctly handles rename path-rewrite cases such as
mv file dir/.Impact
This extends pseudoFS permission enforcement by extending checks beyond open() into filesystem mutation paths. The update prevents unauthorized file removal, directory creation, and file renaming/moves
including bypass scenarios where rename operations could previously modify filesystem state without proper parent-directory permission checks.
Testing
ostest also passed