From: Matthew Wilcox <matthew@wil.cx>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
Cc: hooanon05@yahoo.co.jp, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC 0/8] Aufs2 documents
Date: Wed, 25 Feb 2009 12:07:12 -0700 [thread overview]
Message-ID: <20090225190712.GU16891@parisc-linux.org> (raw)
In-Reply-To: <1235584254.15148.86.camel@moss-terrapins.epoch.ncsc.mil>
On Wed, Feb 25, 2009 at 12:50:54PM -0500, David P. Quigley wrote:
> I think it would be useful to see the source code for AUFS2 posted to
> LKML. One of the questions I have not which doesn't seem to be addressed
> in these documents is how robust is your xattr support and are you
> making the appropriate LSM calls to make this usable with SELinux and
> Smack. Also from a labeling perspective you have a very interesting
> question of which label do you select when unifying directories. If you
> have a/foo and b/foo each with different labels which do you choose.
> Based on the history of Union type file systems I would suspect the
> answer is whichever branch is listed first.
That would provide an interesting way to bypass security protections on
a directory. I suspect it should deny access if *any* of the unioned
directories would deny access.
--
Matthew Wilcox Intel Open Source Technology Centre
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours. We can't possibly take such
a retrograde step."
next prev parent reply other threads:[~2009-02-25 19:07 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-23 7:31 [RFC 0/8] Aufs2 documents hooanon05
2009-02-23 7:33 ` [RFC 1/8] Aufs2: introduction hooanon05
2009-02-23 7:34 ` [RFC 2/8] Aufs2: structure hooanon05
2009-02-23 9:13 ` Tomas M
2009-02-23 9:22 ` Tomas M
2009-02-24 8:13 ` New filesystem for Linux kernel Tomas M
2009-02-24 11:52 ` Miklos Szeredi
2009-02-24 13:18 ` hooanon05
2009-02-24 13:45 ` Tarkan Erimer
2009-02-24 13:57 ` hooanon05
2009-02-24 14:16 ` Tarkan Erimer
2009-02-24 14:50 ` Miklos Szeredi
2009-02-24 16:26 ` hooanon05
2009-02-25 10:28 ` Miklos Szeredi
2009-02-26 4:09 ` hooanon05
2009-02-26 5:51 ` hooanon05
2009-02-26 5:55 ` hooanon05
2009-02-24 14:15 ` Theodore Tso
2009-02-24 15:18 ` David P. Quigley
2009-02-24 15:41 ` hooanon05
2009-02-25 15:53 ` David P. Quigley
2009-02-26 4:21 ` hooanon05
2009-02-25 7:31 ` Tomas M
2009-02-25 9:33 ` David Newall
2009-02-25 8:12 ` Tomas M
2009-02-26 14:31 ` Amit Kucheria
2009-02-26 14:31 ` Amit Kucheria
2009-02-23 14:23 ` [RFC 2/8] Aufs2: structure hooanon05
2009-02-23 7:35 ` [RFC 3/8] Aufs2: lookup hooanon05
2009-02-23 7:36 ` [RFC 4/8] Aufs2: branch hooanon05
2009-02-23 7:36 ` [RFC 5/8] Aufs2: wbr_policy hooanon05
2009-02-23 7:37 ` [RFC 6/8] Aufs2: fmode_exec hooanon05
2009-02-23 7:37 ` [RFC 7/8] Aufs2: mmap hooanon05
2009-02-23 9:18 ` Tomas M
2009-02-23 14:39 ` hooanon05
2009-02-23 7:38 ` [RFC 8/8] Aufs2: plan hooanon05
2009-02-25 17:50 ` [RFC 0/8] Aufs2 documents David P. Quigley
2009-02-25 19:07 ` Matthew Wilcox [this message]
2009-02-26 4:54 ` hooanon05
2009-02-26 17:20 ` David P. Quigley
2009-02-27 14:27 ` hooanon05
2009-02-27 18:17 ` David P. Quigley
2009-02-28 8:04 ` hooanon05
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090225190712.GU16891@parisc-linux.org \
--to=matthew@wil.cx \
--cc=dpquigl@tycho.nsa.gov \
--cc=hooanon05@yahoo.co.jp \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.