All of lore.kernel.org
 help / color / mirror / Atom feed
From: Moritz Sichert <moritz+linux@sichert.me>
To: Qu Wenruo <quwenruo@cn.fujitsu.com>,
	Andrei Borzenkov <arvidjaar@gmail.com>,
	linux-btrfs@vger.kernel.org
Subject: Re: Qgroups are not applied when snapshotting a subvol?
Date: Mon, 27 Mar 2017 13:02:24 +0200	[thread overview]
Message-ID: <e57c6cc8-4943-a93a-f568-d3654d341b65@sichert.me> (raw)
In-Reply-To: <8c55c034-27cc-e8b5-5317-b388cc6492f4@cn.fujitsu.com>

Am 27.03.2017 um 05:46 schrieb Qu Wenruo:
> 
> 
> At 03/27/2017 11:26 AM, Andrei Borzenkov wrote:
>> 27.03.2017 03:39, Qu Wenruo пишет:
>>>
>>>
>>> At 03/26/2017 06:03 AM, Moritz Sichert wrote:
>>>> Hi,
>>>>
>>>> I tried to configure qgroups on a btrfs filesystem but was really
>>>> surprised that when you snapshot a subvolume, the snapshot will not be
>>>> assigned to the qgroup the subvolume was in.
>>>>
>>>> As an example consider the small terminal session in the attachment: I
>>>> create a subvol A, assign it to qgroup 1/1 and set a limit of 5M on
>>>> that qgroup. Then I write a file into A and eventually get "disk quota
>>>> exceeded". Then I create a snapshot of A and call it B. B will not be
>>>> assigned to 1/1 and writing a file into B confirms that no limits at
>>>> all are imposed for B.
>>>>
>>>> I feel like I must be missing something here. Considering that
>>>> creating a snapshot does not require root privileges this would mean
>>>> that any user can just circumvent any quota and therefore make them
>>>> useless.
>>>>
>>>> Is there a way to enforce quotas even when a user creates snapshots?
>>>>
>>>
>>> Yes, there is always method to attach the subvolume/snapshot to
>>> specified higher level qgroup.
>>>
>>> Just use "btrfs subvolume snapshot -i 1/1".
>>>
>>
>> This requires cooperation from whoever creates subvolume, while the
>> question was - is it possible to enforce it, without need for explicit
>> option/action when snapshot is created.
>>
>> To reiterate - if user omits "-i 1/1" (s)he "escapes" from quota
>> enforcement.
> 
> What if user really want to create a subvolume assigned another group?
> 
> You're implying a *policy* that if source subvolume belongs to a higher level qgroup, then snapshot created should also follow that higher level qgroup.
> 
> However kernel should only provide *mechanisim*, not *policy*.
> And btrfs does it, it provides method to do it, whether to do or not is users responsibility.
> 
> If you want to implement that policy, please do it in a higher level, something like SUSE snapper, not in kernel.

The problem is, I can't enforce the policy because *every user* can create snapshots. Even if I would restrict the btrfs executable so that only root can execute it, this doesn't help. As using the ioctl for btrfs is allowed for any user, they could just get the executable from somewhere else.


Moritz

  reply	other threads:[~2017-03-27 11:04 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-25 22:03 Qgroups are not applied when snapshotting a subvol? Moritz Sichert
2017-03-26  5:45 ` Duncan
2017-03-27  0:39 ` Qu Wenruo
2017-03-27  3:26   ` Andrei Borzenkov
2017-03-27  3:46     ` Qu Wenruo
2017-03-27 11:02       ` Moritz Sichert [this message]
2017-03-27 12:01         ` Austin S. Hemmelgarn
2017-03-27 19:32           ` Chris Murphy
2017-03-27 19:53             ` Roman Mamedov
2017-03-27 20:06               ` Hans van Kranenburg
2017-03-27 21:11                 ` Chris Murphy
2017-03-28  2:41                   ` Duncan
2017-03-28  5:21                     ` Duncan
2017-03-28  3:56             ` Andrei Borzenkov
2017-03-28 11:24             ` Austin S. Hemmelgarn
2017-03-28 12:00               ` Marat Khalili
2017-03-28 12:20                 ` Austin S. Hemmelgarn
2017-03-28 13:53                   ` Marat Khalili
2017-03-28 15:24                     ` Austin S. Hemmelgarn
2017-03-29  5:53                       ` Marat Khalili
2017-03-28  1:49           ` Qu Wenruo
2017-03-28 11:44             ` Austin S. Hemmelgarn
2017-03-29  5:38               ` Duncan
2017-03-29 11:36                 ` Austin S. Hemmelgarn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e57c6cc8-4943-a93a-f568-d3654d341b65@sichert.me \
    --to=moritz+linux@sichert.me \
    --cc=arvidjaar@gmail.com \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=quwenruo@cn.fujitsu.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.