Re: [PATCH 2/8] move xattr permission checks into the VFS

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Christoph Hellwig <hch@lst.de>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Christoph Hellwig <hch@lst.de>,
	akpm@osdl.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 2/8] move xattr permission checks into the VFS
Date: Tue, 1 Nov 2005 04:24:51 +0100	[thread overview]
Message-ID: <20051101032451.GA24312@lst.de> (raw)
In-Reply-To: <1130815329.19963.8.camel@lade.trondhjem.org>

On Mon, Oct 31, 2005 at 10:22:09PM -0500, Trond Myklebust wrote:
> > +	/*
> > +	 * No restriction for security.* and system.* from the VFS.  Decision
> > +	 * on these is left to the underlying filesystem / security module.
> > +	 */
> > +	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
> > +	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
> > +		return 0;

> The call to permission() here is not always applicable. Some filesystems
> may have different permissions when it comes to the right to read or set
> ACLs (both AFS and NFSv4, for instance, have such features).
> 
> For the NFSv4 client, therefore, I'd like to be able to override this
> particular check (and leave it up to the server to verify that we are
> authorised).

See the code above.  system namespace attributes (which ACLs are) are
never handled in the VFS but always left to the filesystem.

next prev parent reply	other threads:[~2005-11-01  3:24 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-01  2:30 [PATCH 2/8] move xattr permission checks into the VFS Christoph Hellwig
2005-11-01  3:22 ` Trond Myklebust
2005-11-01  3:24   ` Christoph Hellwig [this message]
2005-11-01  3:33     ` Trond Myklebust
2005-11-01  3:38       ` Christoph Hellwig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20051101032451.GA24312@lst.de \
    --to=hch@lst.de \
    --cc=akpm@osdl.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=trond.myklebust@fys.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.