From: Al Viro <viro@ZenIV.linux.org.uk>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: akpm@linux-foundation.org, torvalds@linux-foundation.org,
dave@linux.vnet.ibm.com, ezk@cs.sunysb.edu, mhalcrow@us.ibm.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [patch 00/13] vfs: add helpers to check r/o bind mounts
Date: Thu, 24 Apr 2008 13:42:46 +0100 [thread overview]
Message-ID: <20080424124245.GC15214@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20080424113950.818688067@szeredi.hu>
On Thu, Apr 24, 2008 at 01:39:50PM +0200, Miklos Szeredi wrote:
> Then I did this series, which basically guarantees, that that cannot
> happen. Al rejected it, and rather fixed some of the remaining
> places. He still missed several, which sort of proves my point.
Which ones have I missed?
> I think it's totally pointless to continue trying to fix the symptoms
> instead of getting at the root of the problem.
>
> I know that VFS interfaces are a sensitive question, but it would be
> nice it we could have some sanity back in this discussion.
Yes, it would. How about that, for starters:
path_create() et.al. are *wrong* for nfsd; if nothing else, I'm not at
all convinced that even apparmour wants export path + relative there
_and_ r/o vs. r/w is decision that doesn't clearly map to ex_mnt flags.
Moreover, it's not at all obvious that we want to drop write access as
soon as vfs_...() is over in case of nfsd. Some of the stuff done
immeidately afterwards might very well qualify for inclusion into
protected area; some of the stuff done immediately _prior_ very likely
needs that as well - look at fh_verify() and tell me why we don't want
that "I'll hold write access to vfsmount" to span the area including
that sucker. If we want the r/o vs r/w policy directly vfsmount-based
for nfsd, that is.
For ecryptfs it's also bogus - at the very least we need to decide what
should happen when underlying vfsmount is remounted. Again, I'm less
than convinced that we want the same way to express r/o vs. r/w policy.
next prev parent reply other threads:[~2008-04-24 12:43 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-24 11:39 [patch 00/13] vfs: add helpers to check r/o bind mounts Miklos Szeredi
2008-04-24 11:39 ` [patch 01/13] ecryptfs: add missing lock around notify_change Miklos Szeredi
2008-04-24 16:56 ` Erez Zadok
2008-04-24 17:09 ` Miklos Szeredi
2008-04-24 11:39 ` [patch 02/13] ecryptfs: clean up (un)lock_parent Miklos Szeredi
2008-04-24 11:39 ` [patch 03/13] nfsd: clean up mnt_want_write calls Miklos Szeredi
2008-04-24 11:39 ` [patch 04/13] vfs: add path_create() and path_mknod() Miklos Szeredi
2008-04-24 11:39 ` [patch 05/13] vfs: add path_mkdir() Miklos Szeredi
2008-04-24 11:39 ` [patch 06/13] vfs: add path_rmdir() Miklos Szeredi
2008-04-24 11:39 ` [patch 07/13] vfs: add path_unlink() Miklos Szeredi
2008-04-24 11:39 ` [patch 08/13] vfs: add path_symlink() Miklos Szeredi
2008-04-24 11:39 ` [patch 09/13] vfs: add path_link() Miklos Szeredi
2008-04-24 11:40 ` [patch 10/13] vfs: add path_rename() Miklos Szeredi
2008-04-24 11:40 ` [patch 11/13] vfs: add path_setattr() Miklos Szeredi
2008-04-24 11:40 ` [patch 12/13] vfs: add path_setxattr() Miklos Szeredi
2008-04-24 11:40 ` [patch 13/13] vfs: add path_removexattr() Miklos Szeredi
2008-04-24 12:42 ` Al Viro [this message]
2008-04-24 13:05 ` [patch 00/13] vfs: add helpers to check r/o bind mounts Miklos Szeredi
2008-04-24 13:48 ` Al Viro
2008-04-24 14:00 ` Al Viro
2008-04-24 14:16 ` Miklos Szeredi
2008-04-24 14:35 ` Al Viro
2008-04-24 14:42 ` Miklos Szeredi
2008-04-24 14:48 ` Al Viro
2008-04-24 14:58 ` Miklos Szeredi
2008-04-24 15:21 ` Al Viro
2008-04-24 15:37 ` Miklos Szeredi
2008-04-24 15:59 ` Al Viro
2008-04-24 16:16 ` Miklos Szeredi
2008-04-28 10:15 ` Miklos Szeredi
2008-04-28 14:20 ` Michael Halcrow
2008-04-28 14:52 ` Miklos Szeredi
2008-04-25 7:22 ` Miklos Szeredi
2008-04-24 17:55 ` Dave Hansen
2008-04-24 18:47 ` Miklos Szeredi
2008-04-24 14:09 ` Miklos Szeredi
2008-04-24 14:28 ` Al Viro
2008-04-24 14:36 ` Miklos Szeredi
2008-04-24 14:44 ` Al Viro
2008-04-24 14:53 ` Miklos Szeredi
2008-04-24 15:12 ` Al Viro
2008-04-24 15:18 ` Miklos Szeredi
2008-04-24 15:38 ` Al Viro
2008-04-24 15:43 ` Miklos Szeredi
2008-04-24 17:29 ` Erez Zadok
2008-04-24 18:13 ` Al Viro
2008-04-24 19:40 ` Erez Zadok
2008-04-24 20:16 ` Michael Halcrow
2008-04-24 22:39 ` Erez Zadok
2008-04-24 23:33 ` Michael Halcrow
2008-04-28 21:53 ` J. Bruce Fields
2008-04-24 17:25 ` Erez Zadok
2008-04-24 17:30 ` Al Viro
2008-04-24 19:56 ` Erez Zadok
2008-04-24 17:04 ` Erez Zadok
2008-04-24 16:52 ` Erez Zadok
2008-04-24 16:58 ` Miklos Szeredi
2008-04-24 17:14 ` Erez Zadok
2008-04-24 17:23 ` Miklos Szeredi
2008-05-01 5:40 ` Dave Hansen
2008-05-01 8:08 ` Miklos Szeredi
2008-05-01 16:40 ` Dave Hansen
2008-05-01 17:04 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080424124245.GC15214@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=dave@linux.vnet.ibm.com \
--cc=ezk@cs.sunysb.edu \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhalcrow@us.ibm.com \
--cc=miklos@szeredi.hu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.