From: Matthew Wilcox <willy@infradead.org>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Jann Horn <jannh@google.com>, Omar Sandoval <osandov@osandov.com>,
Aleksa Sarai <cyphar@cyphar.com>, Jens Axboe <axboe@kernel.dk>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-btrfs@vger.kernel.org, Dave Chinner <david@fromorbit.com>,
Linux API <linux-api@vger.kernel.org>,
Kernel Team <kernel-team@fb.com>,
Andy Lutomirski <luto@kernel.org>
Subject: Re: [RFC PATCH 2/3] fs: add RWF_ENCODED for writing compressed data
Date: Tue, 24 Sep 2019 13:50:14 -0700 [thread overview]
Message-ID: <20190924205014.GJ1855@bombadil.infradead.org> (raw)
In-Reply-To: <20190924202229.mjvjigpnrskjtk5n@wittgenstein>
On Tue, Sep 24, 2019 at 10:22:29PM +0200, Christian Brauner wrote:
> On Tue, Sep 24, 2019 at 10:01:41PM +0200, Jann Horn wrote:
> > Mmh... but if the file descriptor has been passed through a privilege
> > boundary, it isn't really clear whether the original opener of the
> > file intended for this to be possible. For example, if (as a
> > hypothetical example) the init process opens a service's logfile with
> > root privileges, then passes the file descriptor to that logfile to
> > the service on execve(), that doesn't mean that the service should be
> > able to perform compressed writes into that file, I think.
>
> I think we should even generalize this: for most new properties a given
> file descriptor can carry we would want it to be explicitly enabled such
> that passing the fd around amounts to passing that property around. At
> least as soon as we consider it to be associated with some privilege
> boundary. I don't think we have done this generally. But I would very
> much support moving to such a model.
I think you've got this right. This needs to be an fcntl() flag, which
is only settable by root. Now, should it be an O_ flag, modifiable by
F_SETFL, or should it be a new F_ flag?
next prev parent reply other threads:[~2019-09-24 20:50 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-19 6:53 [RFC PATCH 0/3] fs: interface for directly writing encoded (e.g., compressed) data Omar Sandoval
2019-09-19 6:53 ` [RFC PATCH 1/3] fs: pass READ/WRITE to kiocb_set_rw_flags() Omar Sandoval
2019-09-20 14:38 ` Jan Kara
2019-09-19 6:53 ` [PATCH] readv.2: Document new RWF_ENCODED flag to pwritev2() Omar Sandoval
2019-09-19 6:53 ` [RFC PATCH 2/3] fs: add RWF_ENCODED for writing compressed data Omar Sandoval
2019-09-19 15:44 ` Jann Horn
2019-09-20 16:25 ` Jens Axboe
2019-09-24 17:15 ` Omar Sandoval
2019-09-24 19:35 ` Omar Sandoval
2019-09-24 20:01 ` Jann Horn
2019-09-24 20:22 ` Christian Brauner
2019-09-24 20:50 ` Matthew Wilcox [this message]
2019-09-24 20:38 ` Omar Sandoval
2019-09-25 7:11 ` Dave Chinner
2019-09-25 12:07 ` Colin Walters
2019-09-25 14:56 ` [RFC PATCH 2/3] " Chris Mason
2019-09-26 12:17 ` Colin Walters
2019-09-26 17:46 ` Omar Sandoval
2019-09-25 15:08 ` [RFC PATCH 2/3] fs: " Theodore Y. Ts'o
2019-09-25 22:52 ` Dave Chinner
2019-09-26 0:36 ` Omar Sandoval
2019-09-19 6:53 ` [RFC PATCH 3/3] btrfs: implement encoded (compressed) writes Omar Sandoval
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190924205014.GJ1855@bombadil.infradead.org \
--to=willy@infradead.org \
--cc=axboe@kernel.dk \
--cc=christian.brauner@ubuntu.com \
--cc=cyphar@cyphar.com \
--cc=david@fromorbit.com \
--cc=jannh@google.com \
--cc=kernel-team@fb.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=osandov@osandov.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).