Re: [PATCH 1/2] eCryptfs: Introduce device handle for userspace daemon communications

["Serge E. Hallyn" <serue@us.ibm.com>]

Quoting Andrew Morton (akpm@linux-foundation.org):
> On Tue, 15 Apr 2008 15:23:13 -0500
> Michael Halcrow <mhalcrow@us.ibm.com> wrote:
> 
> > Functions to facilitate reading and writing to the eCryptfs
> > miscellaneous device handle. This will replace the netlink interface
> > as the preferred mechanism for communicating with the userspace
> > eCryptfs daemon.
> > 
> > Each user has his own daemon, which registers itself by opening the
> > eCryptfs device handle. Only one daemon per euid may be registered at
> > any given time. The eCryptfs module sends a message to a daemon by
> > adding its message to the daemon's outgoing message queue. The daemon
> > reads the device handle to get the oldest message off the queue.
> > 
> > Incoming messages from the userspace daemon are immediately
> > handled. If the message is a response, then the corresponding process
> > that is blocked waiting for the response is awakened.
> > 
> 
> This is a drastic change, but the changelog doesn't tell us why it is being
> made!
> 
> > ...
> > +	rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
> > +	if (daemon->pid != current->pid) {
> > +	rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
> > +	BUG_ON(current->euid != daemon->euid);
> > +	BUG_ON(current->pid != daemon->pid);
> 
> This code uses pids and uids all over the place.  Will it operate correctly
> in a containerised environment?

Thanks Andrew.

Mike, the pid_t definately needs to be replaced with a struct pid.

As for the euid, it'd be best if you also compared the user_namespace *
to make sure we support one ecryptfs deamon per user namespace.

thanks,
-serge