From: Casey Schaufler <casey@schaufler-ca.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Valdis.Kletnieks@vt.edu,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
agruen@kernel.org, akpm@linux-foundation.org,
dhowells@redhat.com, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org,
LSM <linux-security-module@vger.kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH -V6 00/26] New ACL format for better NFSv4 acl interoperability
Date: Mon, 12 Sep 2011 15:38:24 -0700 [thread overview]
Message-ID: <4E6E89E0.4010406@schaufler-ca.com> (raw)
In-Reply-To: <20110912222014.GA17483@fieldses.org>
On 9/12/2011 3:20 PM, J. Bruce Fields wrote:
> On Mon, Sep 12, 2011 at 02:34:04PM -0700, Casey Schaufler wrote:
>> On 9/7/2011 5:46 PM, Valdis.Kletnieks@vt.edu wrote:
>>> On Mon, 05 Sep 2011 15:42:17 PDT, Casey Schaufler said:
>>>> On 9/5/2011 10:25 AM, Aneesh Kumar K.V wrote:
>>>>> The following set of patches implements VFS and ext4 changes needed to implement
>>>>> a new acl model for linux. Rich ACLs are an implementation of NFSv4 ACLs,
>>>>> extended by file( masks to fit into the standard POSIX file permission model.
>>>>> They are designed to work seamlessly locally as well as across the NFSv4 and
>>>>> CIFS/SMB2 network file system protocols.
>>>> POSIX ACLs predate the LSM and can't be done as an LSM due to
>>>> the interactions between mode bits and ACLs as defined by the
>>>> POSIX DRAFT specification.
> I don't know LSM so don't understand what you mean when you say that
> interactions between mode bits and ACLs would make an ACL model hard to
> implement as an LSM.
POSIX ACLs require that the file permission bits change when
the ACL changes. This interaction violates the strict "additional
restriction" model of the LSM.
> But in any case the rich acl/mode bit interactions are similar to the
> posix acl/mode bit interactions, so the same issue probably applies.
It would help if you knew for sure and could explain the interaction
in sufficient detail to justify the position.
>
> --b.
>
WARNING: multiple messages have this Message-ID (diff)
From: Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
To: "J. Bruce Fields" <bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
Cc: Valdis.Kletnieks-PjAqaU27lzQ@public.gmane.org,
"Aneesh Kumar K.V"
<aneesh.kumar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
agruen-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org,
dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
LSM
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
Subject: Re: [PATCH -V6 00/26] New ACL format for better NFSv4 acl interoperability
Date: Mon, 12 Sep 2011 15:38:24 -0700 [thread overview]
Message-ID: <4E6E89E0.4010406@schaufler-ca.com> (raw)
In-Reply-To: <20110912222014.GA17483-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
On 9/12/2011 3:20 PM, J. Bruce Fields wrote:
> On Mon, Sep 12, 2011 at 02:34:04PM -0700, Casey Schaufler wrote:
>> On 9/7/2011 5:46 PM, Valdis.Kletnieks-PjAqaU27lzQ@public.gmane.org wrote:
>>> On Mon, 05 Sep 2011 15:42:17 PDT, Casey Schaufler said:
>>>> On 9/5/2011 10:25 AM, Aneesh Kumar K.V wrote:
>>>>> The following set of patches implements VFS and ext4 changes needed to implement
>>>>> a new acl model for linux. Rich ACLs are an implementation of NFSv4 ACLs,
>>>>> extended by file( masks to fit into the standard POSIX file permission model.
>>>>> They are designed to work seamlessly locally as well as across the NFSv4 and
>>>>> CIFS/SMB2 network file system protocols.
>>>> POSIX ACLs predate the LSM and can't be done as an LSM due to
>>>> the interactions between mode bits and ACLs as defined by the
>>>> POSIX DRAFT specification.
> I don't know LSM so don't understand what you mean when you say that
> interactions between mode bits and ACLs would make an ACL model hard to
> implement as an LSM.
POSIX ACLs require that the file permission bits change when
the ACL changes. This interaction violates the strict "additional
restriction" model of the LSM.
> But in any case the rich acl/mode bit interactions are similar to the
> posix acl/mode bit interactions, so the same issue probably applies.
It would help if you knew for sure and could explain the interaction
in sufficient detail to justify the position.
>
> --b.
>
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-09-12 22:38 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-05 17:25 [PATCH -V6 00/26] New ACL format for better NFSv4 acl interoperability Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 01/26] vfs: Indicate that the permission functions take all the MAY_* flags Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 02/26] vfs: Add hex format for MAY_* flag values Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 03/26] vfs: Pass all mask flags down to iop->check_acl Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 04/26] vfs: Add a comment to inode_permission() Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 05/26] vfs: Add generic IS_ACL() test for acl support Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 06/26] vfs: Add IS_RICHACL() test for richacl support Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 07/26] vfs: Optimize out IS_RICHACL() if CONFIG_FS_RICHACL is not defined Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 08/26] vfs: Add new file and directory create permission flags Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 09/26] vfs: Add delete child and delete self " Aneesh Kumar K.V
2011-09-07 20:39 ` J. Bruce Fields
2011-09-07 20:39 ` J. Bruce Fields
2011-09-08 9:30 ` Aneesh Kumar K.V
2011-09-08 20:07 ` J. Bruce Fields
2011-09-08 22:02 ` J. Bruce Fields
2011-09-09 5:19 ` Aneesh Kumar K.V
2011-09-09 5:19 ` Aneesh Kumar K.V
2011-09-09 5:25 ` Aneesh Kumar K.V
2011-09-09 12:02 ` J. Bruce Fields
2011-09-09 5:14 ` Aneesh Kumar K.V
2011-09-09 5:14 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 10/26] vfs: Make the inode passed to inode_change_ok non-const Aneesh Kumar K.V
2011-09-07 20:43 ` J. Bruce Fields
2011-09-08 9:32 ` Aneesh Kumar K.V
2011-09-08 9:32 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 11/26] vfs: Add permission flags for setting file attributes Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-07 20:55 ` J. Bruce Fields
2011-09-08 9:36 ` Aneesh Kumar K.V
2011-09-08 20:08 ` J. Bruce Fields
2011-09-05 17:25 ` [PATCH -V6 12/26] vfs: Make acl_permission_check() work for richacls Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 13/26] richacl: In-memory representation and helper functions Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 14/26] richacl: Permission mapping functions Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-07 21:24 ` J. Bruce Fields
2011-09-08 10:27 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 15/26] richacl: Compute maximum file masks from an acl Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 16/26] richacl: Update the file masks in chmod() Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 17/26] richacl: Permission check algorithm Aneesh Kumar K.V
2011-09-07 21:50 ` J. Bruce Fields
2011-09-07 21:50 ` J. Bruce Fields
2011-09-08 10:34 ` Aneesh Kumar K.V
2011-09-08 10:34 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 18/26] richacl: Create-time inheritance Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 19/26] richacl: Check if an acl is equivalent to a file mode Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 20/26] richacl: Automatic Inheritance Aneesh Kumar K.V
2011-09-07 21:56 ` J. Bruce Fields
2011-09-07 21:56 ` J. Bruce Fields
2011-09-05 17:25 ` [PATCH -V6 21/26] richacl: xattr mapping functions Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 22/26] vfs: Cache richacl in struct inode Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 23/26] vfs: Add richacl permission check Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 24/26] ext4: Use IS_POSIXACL() to check for POSIX ACL support Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 25/26] ext4: Implement rich acl for ext4 Aneesh Kumar K.V
2011-09-05 17:25 ` [PATCH -V6 26/26] ext4: Add temporary richacl mount option " Aneesh Kumar K.V
2011-09-05 17:25 ` Aneesh Kumar K.V
2011-09-05 22:42 ` [PATCH -V6 00/26] New ACL format for better NFSv4 acl interoperability Casey Schaufler
2011-09-05 22:42 ` Casey Schaufler
2011-09-08 0:46 ` Valdis.Kletnieks
2011-09-08 0:46 ` Valdis.Kletnieks-PjAqaU27lzQ
2011-09-12 21:34 ` Casey Schaufler
2011-09-12 22:20 ` J. Bruce Fields
2011-09-12 22:38 ` Casey Schaufler [this message]
2011-09-12 22:38 ` Casey Schaufler
2011-09-12 22:43 ` J. Bruce Fields
2011-09-12 23:23 ` Casey Schaufler
2011-09-12 23:53 ` J. Bruce Fields
2011-09-12 23:53 ` J. Bruce Fields
2011-09-13 4:41 ` Aneesh Kumar K.V
2011-09-13 4:41 ` Aneesh Kumar K.V
2011-09-13 18:12 ` Valdis.Kletnieks
2011-09-06 9:41 ` Steven Whitehouse
2011-09-06 13:58 ` Aneesh Kumar K.V
2011-09-06 13:58 ` Aneesh Kumar K.V
2011-09-07 20:18 ` J. Bruce Fields
2011-09-07 23:44 ` J. Bruce Fields
2011-09-08 10:40 ` Aneesh Kumar K.V
2011-09-08 10:40 ` Aneesh Kumar K.V
2011-09-09 10:02 ` [PATCH -V6 08/26] vfs: Add new file and directory create permission flags David Howells
2011-09-09 11:59 ` Aneesh Kumar K.V
2011-09-09 10:12 ` [PATCH -V6 09/26] vfs: Add delete child and delete self " David Howells
2011-09-09 10:12 ` David Howells
2011-09-09 11:55 ` Aneesh Kumar K.V
2011-09-09 11:55 ` Aneesh Kumar K.V
2011-09-09 10:36 ` [PATCH -V6 14/26] richacl: Permission mapping functions David Howells
2011-09-09 11:54 ` Aneesh Kumar K.V
2011-09-09 11:54 ` Aneesh Kumar K.V
2011-09-09 12:14 ` [PATCH -V6 18/26] richacl: Create-time inheritance David Howells
2011-09-09 12:14 ` David Howells
2011-09-09 12:37 ` [PATCH -V6 22/26] vfs: Cache richacl in struct inode David Howells
2011-09-09 12:37 ` David Howells
2011-09-09 12:45 ` [PATCH -V6 25/26] ext4: Implement rich acl for ext4 David Howells
2011-09-13 4:25 ` Aneesh Kumar K.V
2011-09-13 4:25 ` Aneesh Kumar K.V
2011-09-09 12:48 ` [PATCH -V6 00/26] New ACL format for better NFSv4 acl interoperability David Howells
2011-09-09 12:48 ` David Howells
2011-09-09 14:03 ` David Howells
2011-09-09 14:03 ` David Howells
2011-09-12 22:23 ` J. Bruce Fields
2011-09-12 22:23 ` J. Bruce Fields
2011-09-12 22:27 ` David Howells
2011-09-12 22:27 ` David Howells
2011-09-13 5:07 ` Aneesh Kumar K.V
2011-09-21 7:30 ` Aneesh Kumar K.V
2011-09-21 19:45 ` J. Bruce Fields
2011-09-21 19:45 ` J. Bruce Fields
2011-09-22 5:31 ` Aneesh Kumar K.V
2011-09-22 5:31 ` Aneesh Kumar K.V
2011-09-22 12:01 ` J. Bruce Fields
2011-09-22 12:01 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E6E89E0.4010406@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=agruen@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=bfields@fieldses.org \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.