From: Dave Chinner <david@fromorbit.com>
To: Jan Kara <jack@suse.cz>
Cc: Li Xi <pkuelelixi@gmail.com>,
linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-api@vger.kernel.org, tytso@mit.edu, adilger@dilger.ca,
viro@zeniv.linux.org.uk, hch@infradead.org, dmonakhov@openvz.org,
dchinner@redhat.com
Subject: Re: [v9 1/5] vfs: adds general codes to enforces project quota limits
Date: Tue, 17 Mar 2015 08:49:30 +1100 [thread overview]
Message-ID: <20150316214930.GE28557@dastard> (raw)
In-Reply-To: <20150316142944.GN4934@quack.suse.cz>
On Mon, Mar 16, 2015 at 03:29:44PM +0100, Jan Kara wrote:
> On Wed 11-03-15 12:03:19, Li Xi wrote:
> > This patch adds support for a new quota type PRJQUOTA for project quota
> > enforcement. Also a new method get_projid() is added into dquot_operations
> > structure.
> >
> > Signed-off-by: Li Xi <lixi@ddn.com>
> > Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
> > Reviewed-by: Jan Kara <jack@suse.cz>
> ...
> > diff --git a/fs/quota/quota.c b/fs/quota/quota.c
> > index 2aa4151..c76b350 100644
> > --- a/fs/quota/quota.c
> > +++ b/fs/quota/quota.c
> > @@ -30,11 +30,15 @@ static int check_quotactl_permission(struct super_block *sb, int type, int cmd,
> > case Q_XGETQSTATV:
> > case Q_XQUOTASYNC:
> > break;
> > - /* allow to query information for dquots we "own" */
> > + /*
> > + * allow to query information for dquots we "own"
> > + * always allow querying project quota
> > + */
> > case Q_GETQUOTA:
> > case Q_XGETQUOTA:
> > if ((type == USRQUOTA && uid_eq(current_euid(), make_kuid(current_user_ns(), id))) ||
> > - (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id))))
> > + (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id))) ||
> > + (type == PRJQUOTA))
> > break;
> I wanted to merge this patch but this hunk caught my eye. Why do we
> suddently allow querying of project quotas? Traditionally that has been
> allowed only with CAP_SYS_ADMIN. I agree it looks too restrictive to me but
> unless that's a bug, I think we have to adhere to original behavior and
> drop this hunk. Dave, was that behavior of project quotas intended?
This is for quota reports, right?
Project quotas are managed by the administrator as individual users
may not even have access to all the files under a project and hence
often cannot do anything about running out of quota space. i.e. users
don't own project quotas like they "own" user and group quotas.
user/group quotas imply the user has permission to access/modify the
files within the quota, whereas that is not true of project quotas.
e.g. Think about a project that compartmentalises information along
user acess bounds: even if a user can't access parts of the project
quota space, allowing them to query the accounting of space used by
the project is leaking information about how much data there is in
the project they can't access....
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2015-03-16 21:49 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-11 3:03 [v9 0/5] ext4: add project quota support Li Xi
2015-03-11 3:03 ` [v9 2/5] ext4: adds project ID support Li Xi
[not found] ` <1426043003-31043-3-git-send-email-lixi-LfVdkaOWEx8@public.gmane.org>
2015-03-16 14:37 ` Jan Kara
[not found] ` <1426043003-31043-1-git-send-email-lixi-LfVdkaOWEx8@public.gmane.org>
2015-03-11 3:03 ` [v9 1/5] vfs: adds general codes to enforces project quota limits Li Xi
2015-03-16 14:29 ` Jan Kara
2015-03-16 21:49 ` Dave Chinner [this message]
2015-03-17 9:37 ` Jan Kara
2015-03-11 3:03 ` [v9 3/5] ext4: adds project quota support Li Xi
[not found] ` <1426043003-31043-4-git-send-email-lixi-LfVdkaOWEx8@public.gmane.org>
2015-03-11 7:40 ` Konstantin Khlebnikov
2015-03-12 15:01 ` Andreas Dilger
2015-03-12 16:04 ` Konstantin Khlebnikov
2015-03-16 14:47 ` Jan Kara
2015-03-16 14:57 ` Konstantin Khlebnikov
2015-03-16 15:33 ` Jan Kara
2015-03-11 3:03 ` [v9 4/5] ext4: adds FS_IOC_FSSETXATTR/FS_IOC_FSGETXATTR interface support Li Xi
[not found] ` <1426043003-31043-5-git-send-email-lixi-LfVdkaOWEx8@public.gmane.org>
2015-03-11 7:33 ` Konstantin Khlebnikov
2015-03-16 15:26 ` Jan Kara
2015-03-11 3:03 ` [v9 5/5] ext4: cleanup inode flag definitions Li Xi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150316214930.GE28557@dastard \
--to=david@fromorbit.com \
--cc=adilger@dilger.ca \
--cc=dchinner@redhat.com \
--cc=dmonakhov@openvz.org \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=pkuelelixi@gmail.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).