From: Dominik Paulus <dominik.paulus@fau.de>
To: Max Vozeler <max@hinterhof.net>
Cc: Maximilian Eschenbacher <maximilian@eschenbacher.email>,
	linux-kernel@vger.kernel.org, valentina.manea.m@gmail.com,
	shuah.kh@samsung.com, gregkh@linuxfoundation.org,
	Dominik Paulus <dominik.paulus@fau.de>,
	Fjodor Schelichow <fjodor.schelichow@hotmail.com>,
	Johannes Stadlinger <johannes.stadlinger@fau.de>,
	Kurt Kanzenbach <ly80toro@cip.cs.fau.de>,
	Tobias Polzer <tobias.polzer@fau.de>
Subject: Re: [PATCH 03/18] usbip: Add kernel support for client ACLs
Date: Sun, 21 Sep 2014 14:42:46 +0200
Message-ID: <20140921124246.GA2097@d-paulus.de>
In-Reply-To: <20140921004433.GA12922@x201t.vpn.hinterhof.net>

On Sun, Sep 21, 2014 at 02:44:33AM +0200, Max Vozeler wrote:
> Hi,
> 
> On Tue, Sep 16, 2014 at 11:38:40PM +0000, Maximilian Eschenbacher wrote:
> > From: Dominik Paulus <dominik.paulus@fau.de>
> > 
> > This patch adds the possibility to store ACLs for allowed clients for
> > each stub device in sysfs. It adds a new sysfs entry called "usbip_acl"
> > for each stub device, containing a list of CIDR masks of allowed
> > clients. This file will be used by usbip and usbipd to store the ACL.
> 
> Is there a need to involve the kernel here, couldn't usbip and usbipd
> apply the ACLs during connection setup in userspace?

In fact, they do; sysfs is just used for storing the ACLs. They are
never interpreted by the kernel. Admittedly, this isn't great design,
but currently, the ACLs are specified when binding a device to usbip
using the "usbip bind" utility and interpreted by usbipd when a
connection attempt is made. usbip (configuration utility) and usbipd
(userspace daemon) don't communicate in userspace at all, and moving the
ACLs out of the kernel would be considerably more code and more error-prone.

Regards,
Dominik
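
Added example, not part of the original message and not the CIDR helper from the patch series: a userspace sketch of the check described above, where the daemon takes the text stored in the per-device "usbip_acl" attribute and matches the connecting client's address against it. The names acl_allows() and cidr_match(), the one-entry-per-line layout, IPv4-only handling and the deny-when-nothing-matches default are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Match one "a.b.c.d/len" entry against addr (host byte order).
 * Returns 1 on match, 0 on no match, -1 if the entry is malformed. */
static int cidr_match(const char *entry, uint32_t addr)
{
	char buf[INET_ADDRSTRLEN + 4];
	struct in_addr net;
	char *slash, *end;
	long len = 32;			/* a bare address means /32 */
	uint32_t mask;

	if (strlen(entry) >= sizeof(buf))
		return -1;
	strcpy(buf, entry);
	slash = strchr(buf, '/');
	if (slash) {
		*slash = '\0';
		len = strtol(slash + 1, &end, 10);
		if (end == slash + 1 || *end != '\0' || len < 0 || len > 32)
			return -1;
	}
	if (inet_pton(AF_INET, buf, &net) != 1)
		return -1;
	/* len == 0 would mean a 32-bit shift, which is undefined in C */
	mask = len ? 0xffffffffu << (32 - len) : 0;
	return (ntohl(net.s_addr) & mask) == (addr & mask);
}

/* acl_text: attribute contents, one CIDR entry per line (assumed format).
 * Default deny: an empty list or only malformed entries allow nobody. */
int acl_allows(const char *acl_text, const char *client_ip)
{
	struct in_addr client;
	char *copy, *line, *save;
	int allowed = 0;

	if (inet_pton(AF_INET, client_ip, &client) != 1 ||
	    !(copy = strdup(acl_text)))
		return 0;
	for (line = strtok_r(copy, "\n", &save); line && !allowed;
	     line = strtok_r(NULL, "\n", &save))
		allowed = cidr_match(line, ntohl(client.s_addr)) == 1;
	free(copy);
	return allowed;
}
```

Because the kernel only stores the string, every validation step (prefix range, malformed entries, the empty-list default) has to live in the daemon that reads it back.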
