All of lore.kernel.org
 help / color / mirror / Atom feed
From: Miklos Szeredi <miklos@szeredi.hu>
To: "bfields@fieldses.org" <bfields@fieldses.org>
Cc: Trond Myklebust <trondmy@hammerspace.com>,
	"agruenba@redhat.com" <agruenba@redhat.com>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"rgoldwyn@suse.de" <rgoldwyn@suse.de>,
	"linux-unionfs@vger.kernel.org" <linux-unionfs@vger.kernel.org>
Subject: Re: nfs4_acl restricts copy_up in overlayfs
Date: Thu, 31 May 2018 16:26:51 +0200	[thread overview]
Message-ID: <CAJfpegtOz-b6frP_jSEwWmgdjiDNkrT=bZALpf8jVAWPFTRi8g@mail.gmail.com> (raw)
In-Reply-To: <20180531140619.GA1298@fieldses.org>

On Thu, May 31, 2018 at 4:06 PM, bfields@fieldses.org
<bfields@fieldses.org> wrote:
> On Thu, May 31, 2018 at 03:30:04PM +0200, Miklos Szeredi wrote:
>> On Thu, May 31, 2018 at 3:10 PM, Trond Myklebust
>> <trondmy@hammerspace.com> wrote:
>> > On Thu, 2018-05-31 at 14:55 +0200, Miklos Szeredi wrote:
>> >> On Thu, May 31, 2018 at 2:47 PM, Trond Myklebust <trondmy@hammerspace.com> wrote:
>> >> > I'm still in strong disagreement with the model you are presenting
>> >> > here. It is a client enforced model, which is not ever going to be
>> >> > compatible with the NFS model.
>> >>
>> >> It's the only sane model that overlayfs can do.
>> >>
>> >> Think of it this way:  creating an image file on NFS, formating it to
>> >> ext4 and mounting it locally through the loop device is not going to
>> >> be compatible with the NFS security model either.  Should we care?
>> >
>> > Yes you should care because you are proposing that the simple act of
>> > mounting through overlayfs will change who can access, read and modify
>> > existing files from a NFS server.
>>
>> Only access/read: NFS can only be read-only layer.  So it's impossible
>> to actually modify a file on NFS through overlayfs.
>
> In addition to being read-only, I assume it's also unchanging?  I wonder
> why you'd want to use NFS at all for this case--sharing a read-only
> ext4-formatted block device would seem more straightforward.

Actually we could allow changes on the server side.   Overlayfs sort
of does this already (calls underlying fs's ->d_revalidate() from
ovl_dentry_revalidate()).  What's still needed is to detect rename by
rechecking parent and d_name to match overlay dentry's parent and
d_name.

But a shared block dev could be used in most cases, I guess.

Thanks,
Miklos

  reply	other threads:[~2018-05-31 14:26 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-29 20:32 nfs4_acl restricts copy_up in overlayfs Goldwyn Rodrigues
2018-05-29 21:37 ` Trond Myklebust
2018-05-29 21:37   ` Trond Myklebust
2018-05-30  1:08   ` Goldwyn Rodrigues
2018-05-30  1:08     ` Goldwyn Rodrigues
2018-05-30  3:01     ` Trond Myklebust
2018-05-30  3:01       ` Trond Myklebust
2018-05-30 10:33       ` Goldwyn Rodrigues
2018-05-31  0:45         ` J. Bruce Fields
2018-05-31 10:00           ` Miklos Szeredi
2018-05-31 12:47             ` Trond Myklebust
2018-05-31 12:47               ` Trond Myklebust
2018-05-31 12:55               ` Miklos Szeredi
2018-05-31 13:10                 ` Trond Myklebust
2018-05-31 13:10                   ` Trond Myklebust
2018-05-31 13:30                   ` Miklos Szeredi
2018-05-31 14:06                     ` bfields
2018-05-31 14:26                       ` Miklos Szeredi [this message]
2018-05-31 17:52                         ` Trond Myklebust
2018-05-31 17:52                           ` Trond Myklebust
2018-05-31 21:56                       ` Goldwyn Rodrigues
2018-05-31 21:53                     ` Goldwyn Rodrigues
2018-06-01  0:49                       ` Trond Myklebust
2018-06-01  0:49                         ` Trond Myklebust
2018-06-01 11:40                         ` Goldwyn Rodrigues
2018-06-01 13:16                           ` Trond Myklebust
2018-06-01 13:16                             ` Trond Myklebust
2018-06-01 13:32                             ` Miklos Szeredi
2018-06-01 13:50                               ` bfields
2018-06-01 14:00                                 ` Miklos Szeredi
2018-06-01 14:26                                   ` bfields
2018-06-01 14:43                                     ` Miklos Szeredi
2018-06-01 16:08                                       ` bfields
2018-06-01 17:02                                         ` Miklos Szeredi
2018-06-01 17:43                                           ` bfields
2018-06-01 19:14                                             ` Miklos Szeredi
2018-06-02  0:50                                               ` bfields
2018-06-07 11:50                                                 ` Miklos Szeredi
2018-05-31 18:57                   ` J. R. Okajima

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJfpegtOz-b6frP_jSEwWmgdjiDNkrT=bZALpf8jVAWPFTRi8g@mail.gmail.com' \
    --to=miklos@szeredi.hu \
    --cc=agruenba@redhat.com \
    --cc=bfields@fieldses.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=rgoldwyn@suse.de \
    --cc=trondmy@hammerspace.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.