linux-btrfs.vger.kernel.org archive mirror
From: "Austin S. Hemmelgarn" <ahferroin7@gmail.com>
To: kreijack@inwind.it, Nikolay Borisov <nborisov@suse.com>,
	"Misono, Tomohiro" <misono.tomohiro@jp.fujitsu.com>,
	linux-btrfs <linux-btrfs@vger.kernel.org>
Subject: Re: [PATCH] btrfs: Allow non-privileged user to delete empty subvolume by default
Date: Thu, 22 Mar 2018 08:15:16 -0400	[thread overview]
Message-ID: <53ff753f-6078-ddf7-3107-14f1fddd7c26@gmail.com> (raw)
In-Reply-To: <cf65350d-1985-ac5b-2fb6-72fedfa9adf0@inwind.it>

On 2018-03-21 16:38, Goffredo Baroncelli wrote:
> On 03/21/2018 12:47 PM, Austin S. Hemmelgarn wrote:
>> I agree as well, with the addendum that I'd love to see a new ioctl that does proper permissions checks.  While letting rmdir(2) work for an empty subvolume with the appropriate permissions would be great (it will let rm -r work correctly), it doesn't address the usefulness of being able to just `btrfs subvolume delete` and not have to wait for the command to finish before you can reuse the name.
> 
> How could this work?
> 
> If you want to check all the subvolume's file permissions, this will require some time: you need to traverse the whole subvolume filesystem, and only if all the checks pass can you delete the subvolume.
> 
> Unfortunately I think that only two options exist:
> - don't check permissions, and you can quick remove a subvolume
> - check all the permissions, i.e. check all the file permissions, and only if all the permissions are OK can you delete the subvolume. However, this cannot be a "quick" subvolume delete.

Why exactly would you need to check everything?  What I'm talking about 
is having behavior like `user_subvol_rm_allowed` be the default, with an 
additional check emulating the regular dentry removal check (namely that 
the user has appropriate permissions on the parent directory) so that 
people can't delete things like their own home directories.  We're 
already _way_ beyond POSIX semantics here because we're debating the 
handling of permissions for an ioctl that takes a different fd than what 
it functionally operates on, so I see no reason whatsoever that we need 
to enforce POSIX semantics to that degree.


Thread overview: 8+ messages
2018-03-20  6:45 [PATCH] btrfs: Allow non-privileged user to delete empty subvolume by default Misono, Tomohiro
2018-03-20 20:06 ` Goffredo Baroncelli
2018-03-21  7:46   ` Nikolay Borisov
2018-03-21 11:47     ` Austin S. Hemmelgarn
2018-03-21 20:38       ` Goffredo Baroncelli
2018-03-22 12:15         ` Austin S. Hemmelgarn [this message]
2018-03-22 17:38           ` Goffredo Baroncelli
2018-03-23  6:29     ` Misono Tomohiro
