From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: MIME-Version: 1.0 References: <20180711161540.GS30522@ZenIV.linux.org.uk> <20180712124326.GA19272@ZenIV.linux.org.uk> <20180712155337.GU30522@ZenIV.linux.org.uk> <20180718025636.GA26175@ZenIV.linux.org.uk> <20180718132955.2bf185b7@canb.auug.org.au> <20180718124340.GS30522@ZenIV.linux.org.uk> <20180718181252.GU30522@ZenIV.linux.org.uk> <15659.1531949324@warthog.procyon.org.uk> In-Reply-To: <15659.1531949324@warthog.procyon.org.uk> From: Linus Torvalds Date: Wed, 18 Jul 2018 16:13:45 -0700 Message-ID: Subject: Re: [RFC] call_with_creds() To: David Howells Cc: Al Viro , Miklos Szeredi , Stephen Rothwell , linux-fsdevel , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: On Wed, Jul 18, 2018 at 2:28 PM David Howells wrote: > > Are network filesystems allowed to use f_cred at I/O time to determine the > authentication/encryption parameters to commune with the server? Absolutely. file->f_cred is very much "what was my ID at open time". Of course, you may well have reasons why you actually want to cache the key itself (and hide it in private_data or similar rather than look it up, but if looking it up by uid is ok, then file->f_cred is ok. And if you check permissions at IO time (again using file->f_cred), that's ok from a kernel perspective, but it's not really POSIX-compliant. But obviously a lot of netrwork filesystems aren't posix-compliant anyway. Linus