From: Matthew Wilcox <willy@infradead.org>
To: Christian Brauner <brauner@kernel.org>
Cc: Amir Goldstein <amir73il@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Josef Bacik <josef@toxicpanda.com>,
linux-fsdevel@vger.kernel.org, viro@zeniv.linux.org.uk,
jack@suse.cz, david@fromorbit.com, hch@lst.de,
Mimi Zohar <zohar@linux.ibm.com>
Subject: Re: [PATCH][RFC] fs: add levels to inode write access
Date: Fri, 31 May 2024 23:14:49 +0100
Message-ID: <ZlpL2ZfIF7d3MR32@casper.infradead.org>
In-Reply-To: <ZlnxCJ-14kVXxyV9@casper.infradead.org>

On Fri, May 31, 2024 at 04:47:20PM +0100, Matthew Wilcox wrote:
> On Fri, May 31, 2024 at 04:50:16PM +0200, Christian Brauner wrote:
> > So then I propose we just make the deny write stuff during exec
> > conditional on IMA being active. At the end it's small- vs chicken pox.
> >
> > (I figure it won't be enough for IMA to read the executable after it has
> > been mapped MS_PRIVATE?)
>
> do you mean MAP_PRIVATE?
>
> If so, you have a misapprehension. We can change the contents of the
> pagecache after MAP_PRIVATE and that will not cause COW. COW only
> occurs if someone writes through a MAP_PRIVATE.

If IMA does want to prevent writes, I suggest it puts a lease on the
file. That's a mechanism that all writes must honour, rather than
it being an IMA speciality.
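
The MAP_PRIVATE behaviour described in this message, as an added C example (not part of the original email and not kernel code): a private mapping keeps tracking the file's page cache until the mapper itself stores to the page, so a measurement taken from the file before a later write does not describe what a MAP_PRIVATE mapper reads afterwards. It assumes Linux with a page-cache-backed filesystem under /tmp (POSIX leaves this visibility unspecified); the scratch file name and the `private_mapping_demo` helper are constructed for the illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* First byte seen at each stage of the experiment. */
struct cow_result {
    char before;           /* via mapping, right after mmap() */
    char after_file_write; /* via mapping, after the file was rewritten */
    char after_cow;        /* via mapping, after our own store forced COW */
    char file_byte;        /* via pread(), at the end */
};

/* Returns 0 on success, -1 if any system call fails. */
int private_mapping_demo(struct cow_result *r)
{
    char path[] = "/tmp/map_private_demo_XXXXXX"; /* constructed scratch file */
    long pagesz = sysconf(_SC_PAGESIZE);
    volatile char *map;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    if (ftruncate(fd, pagesz) < 0 || pwrite(fd, "A", 1, 0) != 1 ||
        (map = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0)) == MAP_FAILED) {
        close(fd);
        return -1;
    }
    int ok = 1;
    r->before = map[0];                        /* maps the page-cache page read-only */
    ok &= pwrite(fd, "B", 1, 0) == 1;          /* file changes under the mapping */
    r->after_file_write = map[0];              /* no COW happened, so this reads 'B' */
    map[1] = 'x';                              /* store through the mapping: COW copy */
    ok &= pwrite(fd, "C", 1, 0) == 1;          /* file changes again */
    r->after_cow = map[0];                     /* private copy is detached: still 'B' */
    ok &= pread(fd, &r->file_byte, 1, 0) == 1; /* file holds 'C', never 'x' */
    munmap((void *)map, pagesz);
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    struct cow_result r;
    if (private_mapping_demo(&r) != 0) return 1;
    printf("%c %c %c %c\n", r.before, r.after_file_write, r.after_cow, r.file_byte);
    return 0;
}
```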