From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Miklos Szeredi <miklos@szeredi.hu>,
overlayfs <linux-unionfs@vger.kernel.org>,
Seth Forshee <seth.forshee@canonical.com>
Subject: Re: [PATCH 1/1] fs: rethread notify_change to take a path instead of a dentry
Date: Sun, 01 Dec 2019 08:00:06 -0800 [thread overview]
Message-ID: <1575216006.4080.3.camel@HansenPartnership.com> (raw)
In-Reply-To: <CAOQ4uxggMt77HHD4GOk4Rth8KAVz17f5CcZdgAfiMpTuQLz3PA@mail.gmail.com>
On Sun, 2019-12-01 at 09:04 +0200, Amir Goldstein wrote:
> Hi James!
>
> On Sat, Nov 30, 2019 at 11:21 PM James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
> >
> > In order to prepare for implementing shiftfs as a property changing
> > bind mount, the path (which contains the vfsmount) must be threaded
> > through everywhere we are going to do either a permission check or
> > an
>
> I am curious how bind/shift mount is expected to handle
> inode_permission().
I should be posting the initial patch soon, so you can see. However
the principle is pretty simple: at the top of the API you have to
install a fsuid/fsgid shifted override credential if the vfsmount is
marked for shifting. To make that determination you need the path at
all those points, hence this patch. However, anywhere in the stack
after this, you can make the determination either by the vfsmount flag
or by recognizing the shifted credential. The latter is how I do this
in inode_permission
> Otherwise, I am fine with the change, short of some style comments
> below...
OK, will fix for v2.
James
next prev parent reply other threads:[~2019-12-01 16:00 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-30 21:19 [PATCH 0/1] preparatory patch for a uid/gid shifting bind mount James Bottomley
2019-11-30 21:21 ` [PATCH 1/1] fs: rethread notify_change to take a path instead of a dentry James Bottomley
2019-12-01 7:04 ` Amir Goldstein
2019-12-01 16:00 ` James Bottomley [this message]
2019-12-03 0:54 ` [PATCH v2] " James Bottomley
2019-12-01 11:47 ` [PATCH 1/1] " Matthew Wilcox
2019-12-01 15:55 ` James Bottomley
2019-12-03 9:18 ` [fs] 53d4a4300b: WARNING:at_fs/overlayfs/copy_up.c:#ovl_copy_up_inode[overlay] kernel test robot
2019-12-14 11:56 ` [PATCH 0/1] preparatory patch for a uid/gid shifting bind mount Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1575216006.4080.3.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=amir73il@gmail.com \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=seth.forshee@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).