public inbox for linux-btrfs@vger.kernel.org
* [PATCH] btrfs: 'usertrans' mount option to allow unprivileged userspace transactions
@ 2009-06-25 21:45 Sage Weil
  2009-06-26 17:09 ` Christoph Hellwig
  0 siblings, 1 reply; 3+ messages in thread
From: Sage Weil @ 2009-06-25 21:45 UTC (permalink / raw)
  To: linux-btrfs

This lets an administrator give non-root users access to the btrfs 
transaction start/end ioctls via a mount option.

Currently any process using the ioctls must run as root.  That's 
appropriate in general, since the ioctls allow any process to hang fs 
commits by holding an open transaction indefinitely.  But on locked down 
hosts (i.e. no users), that can be inconvenient because daemons using 
transactions have to run as root.

Signed-off-by: Sage Weil <sage@newdream.net>
---
 fs/btrfs/ctree.h |    1 +
 fs/btrfs/ioctl.c |    3 ++-
 fs/btrfs/super.c |    9 ++++++++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
index 03441a9..eb1f3b7 100644
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -1102,6 +1102,7 @@ struct btrfs_root {
 #define BTRFS_MOUNT_FLUSHONCOMMIT       (1 << 7)
 #define BTRFS_MOUNT_SSD_SPREAD		(1 << 8)
 #define BTRFS_MOUNT_NOSSD		(1 << 9)
+#define BTRFS_MOUNT_USERTRANS           (1 << 10)
 
 #define btrfs_clear_opt(o, opt)		((o) &= ~BTRFS_MOUNT_##opt)
 #define btrfs_set_opt(o, opt)		((o) |= BTRFS_MOUNT_##opt)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index eff18f5..2aadc14 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1183,7 +1183,8 @@ static long btrfs_ioctl_trans_start(struct file *file)
 	struct btrfs_trans_handle *trans;
 	int ret = 0;
 
-	if (!capable(CAP_SYS_ADMIN))
+	if (!capable(CAP_SYS_ADMIN) &&
+	    !btrfs_test_opt(root, USERTRANS))
 		return -EPERM;
 
 	if (file->private_data) {
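Review bot: the relaxed check in btrfs_ioctl_trans_start grants the transaction ioctls to every process that can open a file on the mount, not to a particular daemon account; there is no owner, group or per-uid test alongside `!btrfs_test_opt(root, USERTRANS)`, so the "locked down hosts (i.e. no users)" assumption in the commit message is a deployment precondition that nothing in the code enforces. Since the commit message itself notes that an open transaction held indefinitely stalls fs commits, the option turns that from a root-only hazard into one reachable by any local user on that mount; at minimum that consequence should be spelled out wherever the option is documented, and a reviewer would want the justification for a blanket mount-wide switch rather than granting the capability to the one daemon that needs it.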
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 708ac06..1be8567 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -67,7 +67,8 @@ enum {
 	Opt_degraded, Opt_subvol, Opt_device, Opt_nodatasum, Opt_nodatacow,
 	Opt_max_extent, Opt_max_inline, Opt_alloc_start, Opt_nobarrier,
 	Opt_ssd, Opt_nossd, Opt_ssd_spread, Opt_thread_pool, Opt_noacl,
-	Opt_compress, Opt_notreelog, Opt_ratio, Opt_flushoncommit, Opt_err,
+	Opt_compress, Opt_notreelog, Opt_ratio, Opt_flushoncommit,
+	Opt_usertrans, Opt_err,
 };
 
 static match_table_t tokens = {
@@ -89,6 +90,7 @@ static match_table_t tokens = {
 	{Opt_notreelog, "notreelog"},
 	{Opt_flushoncommit, "flushoncommit"},
 	{Opt_ratio, "metadata_ratio=%d"},
+	{Opt_usertrans, "usertrans"},
 	{Opt_err, NULL},
 };
 
@@ -257,6 +259,9 @@ int btrfs_parse_options(struct btrfs_root *root, char *options)
 				printk(KERN_INFO "btrfs: metadata ratio %d\n",
 				       info->metadata_ratio);
 			}
+		case Opt_usertrans:
+			printk(KERN_INFO "btrfs: enabling unprivileged user transactions\n");
+			btrfs_set_opt(info->mount_opt, USERTRANS);
 			break;
 		default:
 			break;
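Review bot: missing `break;` before the new `case Opt_usertrans:` in btrfs_parse_options. The inserted case sits between the closing `}` of the `case Opt_ratio` body and that case's existing `break;`, so a `metadata_ratio=%d` mount option now falls through into the usertrans code, prints "btrfs: enabling unprivileged user transactions" and sets BTRFS_MOUNT_USERTRANS on any mount that merely tunes the metadata ratio. Add a `break;` after the `}` that closes the Opt_ratio block so the two options stay independent.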
@@ -449,6 +454,8 @@ static int btrfs_show_options(struct seq_file *seq, struct vfsmount *vfs)
 		seq_puts(seq, ",notreelog");
 	if (btrfs_test_opt(root, FLUSHONCOMMIT))
 		seq_puts(seq, ",flushoncommit");
+	if (btrfs_test_opt(root, USERTRANS))
+		seq_puts(seq, ",usertrans");
 	if (!(root->fs_info->sb->s_flags & MS_POSIXACL))
 		seq_puts(seq, ",noacl");
 	return 0;
-- 
1.5.6.5



* Re: [PATCH] btrfs: 'usertrans' mount option to allow unprivileged userspace transactions
  2009-06-25 21:45 [PATCH] btrfs: 'usertrans' mount option to allow unprivileged userspace transactions Sage Weil
@ 2009-06-26 17:09 ` Christoph Hellwig
  2009-06-29 16:40   ` Sage Weil
  0 siblings, 1 reply; 3+ messages in thread
From: Christoph Hellwig @ 2009-06-26 17:09 UTC (permalink / raw)
  To: Sage Weil; +Cc: linux-btrfs

On Thu, Jun 25, 2009 at 02:45:39PM -0700, Sage Weil wrote:
> This lets an administrator give non-root users access to the btrfs 
> transaction start/end ioctls via a mount option.
> 
> Currently any process using the ioctls must run as root.  That's 
> appropriate in general, since the ioctls allow any process to hang fs 
> commits by holding an open transaction indefinitely.  But on locked down 
> hosts (i.e. no users), that can be inconvenient because daemons using 
> transactions have to run as root.

If the system is locked down there is no problem giving the capability
to the daemon user.  I'm strongly against adding any kind of
privilege-evading options to filesystems.



* Re: [PATCH] btrfs: 'usertrans' mount option to allow unprivileged userspace transactions
  2009-06-26 17:09 ` Christoph Hellwig
@ 2009-06-29 16:40   ` Sage Weil
  0 siblings, 0 replies; 3+ messages in thread
From: Sage Weil @ 2009-06-29 16:40 UTC (permalink / raw)
  To: Christoph Hellwig; +Cc: linux-btrfs

On Fri, 26 Jun 2009, Christoph Hellwig wrote:
> On Thu, Jun 25, 2009 at 02:45:39PM -0700, Sage Weil wrote:
> > This lets an administrator give non-root users access to the btrfs 
> > transaction start/end ioctls via a mount option.
> > 
> > Currently any process using the ioctls must run as root.  That's 
> > appropriate in general, since the ioctls allow any process to hang fs 
> > commits by holding an open transaction indefinitely.  But on locked down 
> > hosts (i.e. no users), that can be inconvenient because daemons using 
> > transactions have to run as root.
> 
> If the system is locked down there is no problem giving the capability
> to the daemon user.  I'm strongly against adding any kind of
> privilege-evading options to filesystems.

Well, I was hoping for finer granularity than CAP_SYS_ADMIN, but I can 
live with it.  Thanks.

sage

