From: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
To: <linux-btrfs@vger.kernel.org>
Subject: [PATCH RESEND 0/8] btrfs-progs: sub: Relax the privileges of "subvolume list/show"
Date: Tue, 27 Nov 2018 14:24:41 +0900 [thread overview]
Message-ID: <cover.1543294426.git.misono.tomohiro@jp.fujitsu.com> (raw)
Hello,
This is basically the resend of
"[PATCH v2 00/20] btrfs-progs: Rework of "subvolume list/show" and relax the
root privileges of them" [1]
which I submitted in June. The aim of this series is to allow non-privileged user
to use basic subvolume functionality (create/list/snapshot/delete; this allows "list")
They were once in devel branch with some whitespace/comment modification by david.
I rebased them to current devel branch.
github: https://github.com/t-msn/btrfs-progs/tree/rework-sub-list
Basic logic/code is the same as before. Some differences are:
- Use latest libbtrfsutil from Omar [2] (thus drop first part of patches).
As a result, "sub list" cannot accept an ordinary directry to be
specified (which is allowed in previous version)
- Drop patches which add new options to "sub list"
- Use 'nobody' as non-privileged test user just like libbtrfsutil test
- Update comments
Importantly, in order to make output consistent for both root and non-privileged
user, this changes the behavior of "subvolume list":
- (default) Only list in subvolume under the specified path.
Path needs to be a subvolume.
- (-a) filter is dropped. i.e. its output is the same as the
default behavior of "sub list" in progs <= 4.19
Therefore, existent scripts may need to update to add -a option
(I believe nobody uses current -a option).
If anyone thinks this is not good, please let me know.
Behavior summary from cover letter in [1]
====
* Behavior summary of new "sub list"
- default (no option)
- lists subvolumes below the specified path (inc. path itself)
- If new ioctls exists non-privileged user can call it
(subvolumes to which the user cannot access will be skipped)
- -a
- updated to remove filter. i.e. the output is the same as current progs
without option (require root privileges)
[Example]
$ mkfs.btrfs -f $DEV
$ mkfs.btrfs -f $DEV2
$ mount $DEV $MNT
$ btrfs subvolume create $MNT/AAA
$ btrfs subvolume create $MNT/BBB
$ btrfs subvolume create $MNT/CCC
$ btrfs subvolume create $MNT/DDD
$ mkdir $MNT/AAA/bbb
$ mkdir $MNT/AAA/ccc
$ mkdir $MNT/AAA/other
$ umount $MNT
$ mount -o subvol=AAA $DEV $MNT
$ mount -o subvol=BBB $DEV $MNT/bbb
$ mount -o subvol=CCC $DEV $MNT/ccc
$ mount -o $DEV2 $MNT/other
$ btrfs subvolume list $MNT # print subvolumes below the path
ID 256 gen 10 top level 5 path .
$ btrfs subvolume list -a $MNT
# print all subvolumes in the fs. the same output as progs<=4.19 without option
ID 256 gen 10 top level 5 path AAA
ID 258 gen 7 top level 5 path BBB
ID 259 gen 8 top level 5 path CCC
ID 260 gen 9 top level 5 path DDD
* Behavior summary of new "sub show"
- No change for root's output
- If new ioctls exists, non-privileged user can call it
- In that case, path to be shown is absolute path
(for root, it is relative to top-level subvolume)
Also, snapshots to be shown are to which the user can access from current
mount point.
(for root, all snapshots in the fs)
===
[1] https://lore.kernel.org/linux-btrfs/cover.1529310485.git.misono.tomohiro@jp.fujitsu.com/
[2] https://lore.kernel.org/linux-btrfs/cover.1542181521.git.osandov@fb.com/
Thanks,
Misono
Misono Tomohiro (8):
btrfs-progs: sub list: Use libbtrfsuitl for subvolume list
btrfs-progs: sub list: factor out main part of btrfs_list_subvols
btrfs-progs: sub list: Change the default behavior of "subvolume list"
and allow non-privileged user to call it
btrfs-progs: sub list: Update -a option and remove meaningless filter
btrfs-progs: utils: Fallback to open without O_NOATIME flag in
find_mount_root():
btrfs-progs: sub show: Allow non-privileged user to call "subvolume
show"
btrfs-progs: test: Add helper function to check if test user exists
btrfs-porgs: test: Add cli-test/009 to check subvolume list for both
root and normal user
Documentation/btrfs-subvolume.asciidoc | 25 +-
cmds-subvolume.c | 1149 +++++++++++++++++++-
tests/cli-tests/009-subvolume-list/test.sh | 130 +++
tests/common | 10 +
utils.c | 3 +
5 files changed, 1266 insertions(+), 51 deletions(-)
create mode 100755 tests/cli-tests/009-subvolume-list/test.sh
--
2.19.1
next reply other threads:[~2018-11-27 5:31 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-27 5:24 Misono Tomohiro [this message]
2018-11-27 5:24 ` [PATCH 1/8] btrfs-progs: sub list: Use libbtrfsuitl for subvolume list Misono Tomohiro
2018-11-27 5:24 ` [PATCH 2/8] btrfs-progs: sub list: factor out main part of btrfs_list_subvols Misono Tomohiro
2018-11-27 5:24 ` [PATCH 3/8] btrfs-progs: sub list: Change the default behavior of "subvolume list" and allow non-privileged user to call it Misono Tomohiro
2018-11-27 5:24 ` [PATCH 4/8] btrfs-progs: sub list: Update -a option and remove meaningless filter Misono Tomohiro
2018-11-27 5:24 ` [PATCH 5/8] btrfs-progs: utils: Fallback to open without O_NOATIME flag in find_mount_root(): Misono Tomohiro
2018-11-27 5:24 ` [PATCH 6/8] btrfs-progs: sub show: Allow non-privileged user to call "subvolume show" Misono Tomohiro
2018-11-27 5:24 ` [PATCH 7/8] btrfs-progs: test: Add helper function to check if test user exists Misono Tomohiro
2018-11-27 5:24 ` [PATCH 8/8] btrfs-porgs: test: Add cli-test/009 to check subvolume list for both root and normal user Misono Tomohiro
2018-11-27 9:48 ` [PATCH RESEND 0/8] btrfs-progs: sub: Relax the privileges of "subvolume list/show" Martin Steigerwald
2018-11-28 1:26 ` misono.tomohiro
2018-12-07 1:02 ` Omar Sandoval
2018-12-11 9:06 ` misono.tomohiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1543294426.git.misono.tomohiro@jp.fujitsu.com \
--to=misono.tomohiro@jp.fujitsu.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).