From: DENIEL Philippe <philippe.deniel@cea.fr>
To: Boaz Harrosh <bharrosh@panasas.com>
Cc: Steven Whitehouse <swhiteho@redhat.com>,
	Steve Dickson <steved@redhat.com>,
	Jeff Layton <jlayton@redhat.com>,
	lsf-pc@lists.linux-foundation.org,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Ganesha NFS List <nfs-ganesha-devel@lists.sourceforge.net>,
	Frank S Filz <ffilz@us.ibm.com>,
	"J. Bruce Fields" <bfields@redhat.com>,
	"Lieb, Jim" <jlieb@panasas.com>,
	Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Subject: Re: [5/8] syscall_cred() a system call that receives alternate CREDs
Date: Mon, 08 Apr 2013 15:54:24 +0200
Message-ID: <5162CC10.3010203@cea.fr>
In-Reply-To: <51629DBE.1060508@panasas.com>

I do agree with Boaz and Jim. Being capable of "masquerading" a syscall 
with someone's credential would be really useful. In particular, in 
Ganesha's scope, it is required to properly manage quota (you need to 
create inodes and write to files as the user if you want those inodes 
and blocks to be added to the right user's bill).

     Philippe

On 04/08/13 12:36, Boaz Harrosh wrote:
> From: Jim Lieb <jlieb@panasas.com>
>
> In current NFS Server (Ganesha) lots of operations become 6 syscalls
> (Or is it 7?)
>
> - setfsuid(), setfsgid(), thread_setgroups()
> - The OP
> - Revert setfsuid(), setfsgid() to root
>
> This is because if we do all these file operations as root then
> FS will not account for the quota a user has on create files,
> data space, and so on.
> (Note that permission checking is done by Ganesha core, because
>   we may cache open fd(s) and such not, another topic)
>
> We could maybe with hard work save the last two calls for reverting
> to root, but this will force us to audit lots of code that we are
> not prepared to do right now. And will not save us much.
>
> [thread_setgroups()]
> thread_setgroups() is what we use at Ganesha and what Samba guys use
> for a per-thread setgroups() call. In the Linux Kernel the setgroups is
> actually always per thread. It is only the POSIX (crap) pthread layer
> at glibc that intercepts the setgroups() call (and others), iterates on
> all threads that belong to a process, and calls the native Kernel setgroups
> on them. So thread_setgroups() is just the raw syscall bypassing glibc's
> processing. We will eventually push this API to glibc.
> BTW: this is done exactly the same on FreeBSD, with same exact glibc intervention.
>
> [Proposed]
> What Jim proposed is a syscall that receives a struct that has
> the regular syscalls parameters plus the creds structure with fsuid/fsgid and
> groups array. Kernel will set these in, call the original syscall, and revert.
> This will be done on only an interested subset of the syscalls that are one -
> are related to filesystems (setfsXid) and two - are of interest to us Servers.
>
> Jim care to scribble a structure definition?
>
> Thanks
> Boaz
>
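
The per-operation sequence described in the quoted message (per-thread setgroups, setfsgid, setfsuid, the OP, revert), as an added example that is not code from this thread or from Ganesha. `run_as_user()` and `probe_op()` are hypothetical names, and the body of `thread_setgroups()` is one assumed way to issue the raw syscall; the read-back step is there because `setfsuid()`/`setfsgid()` return the previous id and never an error.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/fsuid.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw syscall: changes only the calling thread's supplementary groups;
 * glibc's setgroups() wrapper would apply the change to every thread. */
static int thread_setgroups(size_t n, const gid_t *groups)
{
#ifdef SYS_setgroups32              /* 32-bit ABIs: use the 32-bit gid variant */
    return (int)syscall(SYS_setgroups32, n, groups);
#else
    return (int)syscall(SYS_setgroups, n, groups);
#endif
}

/* Constructed sample "OP": records the fsuid the operation ran under. */
static int probe_op(void *arg) { *(uid_t *)arg = (uid_t)setfsuid((uid_t)-1); return 0; }
/* Hypothetical helper: returns op()'s result, or -1 with errno set if no switch. */
int run_as_user(uid_t uid, gid_t gid, size_t n, const gid_t *groups,
                int (*op)(void *), void *arg)
{
    gid_t saved[256];               /* assumption: caller is in <= 256 groups */
    int nsaved = getgroups(256, saved);
    if (nsaved < 0 || thread_setgroups(n, groups) < 0)
        return -1;                  /* EPERM here means no CAP_SETGID */
    gid_t old_gid = (gid_t)setfsgid(gid);
    uid_t old_uid = (uid_t)setfsuid(uid);
    /* No error is ever reported: passing -1 reads the current id back. */
    int ok = (uid_t)setfsuid((uid_t)-1) == uid && (gid_t)setfsgid((gid_t)-1) == gid;
    int rc = ok ? op(arg) : -1, err = ok ? errno : EPERM;
    setfsuid(old_uid); setfsgid(old_gid);
    /* A thread stuck with a client's identity must not serve the next request. */
    if ((uid_t)setfsuid((uid_t)-1) != old_uid || thread_setgroups((size_t)nsaved, saved) < 0)
        abort();
    errno = err;
    return rc;
}

int main(void)
{
    uid_t seen = (uid_t)-1;
    int rc = run_as_user(geteuid(), getegid(), 0, NULL, probe_op, &seen);
    return printf("rc=%d fsuid seen by op=%d\n", rc, (int)seen) < 0;
}
```

Without CAP_SETGID the helper fails with EPERM before touching any credential, so the operation is never run under the wrong identity.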

