From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Gruenbacher Subject: Re: [PATCH] backout the xattr override access checks flag Date: Fri, 21 Feb 2003 11:20:25 +0100 Sender: linux-fsdevel-owner@vger.kernel.org Message-ID: <200302211120.25224.agruen@suse.de> References: <20030220222007.A21678@sgi.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Cc: linux-fsdevel@vger.kernel.org, torvalds@transmeta.com Return-path: To: Christoph Hellwig In-Reply-To: <20030220222007.A21678@sgi.com> Content-Disposition: inline List-Id: linux-fsdevel.vger.kernel.org On Friday 21 February 2003 04:20, you wrote: > This check backs out the XATTR_KERNEL_CONTEXT that tells filesystems > to ignore the lack of capabilities of the caller that went in in the > last week (through akpm..). > > It's a cludgy interface design to have flags that change access checks, > and there's a much easier way by raising the capabilities in the process > that actually needs this in kernel mode Thanks, I'm not fully convinced that raising capabilities temporarily in the kernel is a good thing to do, but it surely obsoletes the XATTR_KERNEL_CONTEXT flag. > (not that such code even exists yet). There is an HSM project for which this feature has been added. I think they are using a loadable module. > Something even better would probably be to move out the xattr access checks > to common code. There are two problems with that, so this doesn't seem any better to me, either: (a) We would have to decode attribute names twice, once for checking permissions, and a second time for determining how to store them. (b) Different file systems may implement different features with different, file system specific limitations. The VFS layer tests would have to accept all potentially useful things. The file system would have to re-check. Cheers, Andreas.