From: Linus Torvalds <torvalds@linux-foundation.org>
To: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
Miklos Szeredi <mszeredi@redhat.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [RFC] call_with_creds()
Date: Wed, 18 Jul 2018 16:13:45 -0700 [thread overview]
Message-ID: <CA+55aFwMXV7wC4jvNZ9wiVyTn9Zio+n-r91jGj1xsT14GZJndw@mail.gmail.com> (raw)
In-Reply-To: <15659.1531949324@warthog.procyon.org.uk>
On Wed, Jul 18, 2018 at 2:28 PM David Howells <dhowells@redhat.com> wrote:
>
> Are network filesystems allowed to use f_cred at I/O time to determine the
> authentication/encryption parameters to commune with the server?
Absolutely. file->f_cred is very much "what was my ID at open time".
Of course, you may well have reasons why you actually want to cache
the key itself (and hide it in private_data or similar rather than
look it up, but if looking it up by uid is ok, then file->f_cred is
ok.
And if you check permissions at IO time (again using file->f_cred),
that's ok from a kernel perspective, but it's not really
POSIX-compliant. But obviously a lot of netrwork filesystems aren't
posix-compliant anyway.
Linus
prev parent reply other threads:[~2018-07-18 23:13 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20180710101736.32d6cc6c@canb.auug.org.au>
[not found] ` <20180710150455.GK30522@ZenIV.linux.org.uk>
2018-07-11 2:11 ` linux-next: manual merge of the vfs tree with the overlayfs tree Al Viro
2018-07-11 2:21 ` [RFC][PATCH 01/42] drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 02/42] cxl_getfile(): fix double-iput() on alloc_file() failures Al Viro
2018-07-11 2:21 ` [RFC][PATCH 03/42] ocxlflash_getfile(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 04/42] make get_empty_filp() to call file_free_rcu() directly Al Viro
2018-07-11 2:35 ` Linus Torvalds
2018-07-11 2:43 ` Al Viro
2018-07-11 2:21 ` [RFC][PATCH 05/42] fold security_file_free() into file_free() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 06/42] turn filp_clone_open() into inline wrapper for dentry_open() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 07/42] create_pipe_files(): use fput() if allocation of the second file fails Al Viro
2018-07-11 2:21 ` [RFC][PATCH 08/42] make sure do_dentry_open() won't return positive as an error Al Viro
2018-07-11 2:39 ` Linus Torvalds
2018-07-11 2:41 ` Al Viro
2018-07-11 2:21 ` [RFC][PATCH 09/42] pass creds to get_empty_filp(), make sure dentry_open() passes the right creds Al Viro
2018-07-11 2:21 ` [RFC][PATCH 10/42] get rid of cred argument of vfs_open() and do_dentry_open() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 11/42] security_file_open(): lose cred argument Al Viro
2018-07-11 2:21 ` [RFC][PATCH 12/42] ->file_open(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 13/42] introduce FMODE_OPENED Al Viro
2018-07-11 2:21 ` [RFC][PATCH 14/42] fold put_filp() into fput() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 15/42] lift fput() on late failures into path_openat() Al Viro
2018-07-11 5:43 ` Amir Goldstein
2018-07-11 2:21 ` [RFC][PATCH 16/42] now we can fold open_check_o_direct() into do_dentry_open() Al Viro
2018-07-11 2:44 ` Linus Torvalds
2018-07-11 2:59 ` Al Viro
2018-07-11 3:13 ` Linus Torvalds
2018-07-11 2:21 ` [RFC][PATCH 17/42] switch all remaining checks for FILE_OPENED to FMODE_OPENED Al Viro
2018-07-11 2:21 ` [RFC][PATCH 18/42] introduce FMODE_CREATED and switch to it Al Viro
2018-07-11 2:21 ` [RFC][PATCH 19/42] IMA: don't propagate opened through the entire thing Al Viro
2018-07-11 2:21 ` [RFC][PATCH 20/42] getting rid of 'opened' argument of ->atomic_open() - step 1 Al Viro
2018-07-11 2:21 ` [RFC][PATCH 21/42] getting rid of 'opened' argument of ->atomic_open() - part 2 Al Viro
2018-07-11 2:21 ` [RFC][PATCH 22/42] get rid of 'opened' argument of ->atomic_open() - part 3 Al Viro
2018-07-11 2:21 ` [RFC][PATCH 23/42] get rid of 'opened' in path_openat() and the helpers downstream Al Viro
2018-07-11 2:21 ` [RFC][PATCH 24/42] ->atomic_open(): return 0 in all success cases Al Viro
2018-07-11 2:21 ` [RFC][PATCH 25/42] document ->atomic_open() changes Al Viro
2018-07-11 2:21 ` [RFC][PATCH 26/42] switch atomic_open() and lookup_open() to returning 0 in all success cases Al Viro
2018-07-11 2:21 ` [RFC][PATCH 27/42] kill FILE_{CREATED,OPENED} Al Viro
2018-07-11 2:21 ` [RFC][PATCH 28/42] new wrapper: alloc_file_pseudo() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 29/42] __shmem_file_setup(): reorder allocations Al Viro
2018-07-11 2:21 ` [RFC][PATCH 30/42] ... and switch shmem_file_setup() to alloc_file_pseudo() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 31/42] cxl_getfile(): switch " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 32/42] ocxlflash_getfile(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 33/42] hugetlb_file_setup(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 34/42] anon_inode_getfile(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 35/42] create_pipe_files(): switch the first allocation " Al Viro
2018-07-11 2:22 ` [RFC][PATCH 36/42] new helper: alloc_file_clone() Al Viro
2018-07-11 2:22 ` [RFC][PATCH 37/42] do_shmat(): grab shp->shm_file earlier, switch to alloc_file_clone() Al Viro
2018-07-11 2:22 ` [RFC][PATCH 38/42] make alloc_file() static Al Viro
2018-07-11 2:22 ` [RFC][PATCH 39/42] document alloc_file() changes Al Viro
2018-07-11 2:22 ` [RFC][PATCH 40/42] make path_init() unconditionally paired with terminate_walk() Al Viro
2018-07-11 2:22 ` [RFC][PATCH 41/42] allow link_path_walk() to take ERR_PTR() Al Viro
2018-07-11 2:22 ` [RFC][PATCH 42/42] few more cleanups of link_path_walk() callers Al Viro
2018-07-11 2:56 ` [RFC][PATCH 01/42] drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open() Linus Torvalds
2018-07-11 15:25 ` Al Viro
2018-07-11 16:15 ` Al Viro
2018-07-12 12:43 ` Al Viro
2018-07-12 15:05 ` Linus Torvalds
2018-07-12 15:53 ` vfs / overlayfs conflict resolution for linux-next Al Viro
2018-07-18 2:56 ` Al Viro
2018-07-18 3:29 ` Stephen Rothwell
2018-07-18 7:25 ` Miklos Szeredi
2018-07-18 12:10 ` Miklos Szeredi
2018-07-18 12:43 ` Al Viro
2018-07-18 13:46 ` Al Viro
2018-07-18 15:46 ` Miklos Szeredi
2018-07-18 18:12 ` [RFC] call_with_creds() Al Viro
2018-07-18 18:19 ` Linus Torvalds
2018-07-18 19:46 ` Al Viro
2018-07-18 19:53 ` Linus Torvalds
2018-07-18 20:04 ` Al Viro
2018-07-18 20:15 ` Al Viro
2018-07-18 20:43 ` Linus Torvalds
2018-07-18 21:22 ` Al Viro
2018-07-18 23:06 ` Linus Torvalds
2018-07-18 21:27 ` David Howells
2018-07-18 23:16 ` Linus Torvalds
2018-07-18 21:28 ` David Howells
2018-07-18 23:13 ` Linus Torvalds [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFwMXV7wC4jvNZ9wiVyTn9Zio+n-r91jGj1xsT14GZJndw@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=sfr@canb.auug.org.au \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).