From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: Ian Kent <raven@themaw.net>
Cc: Andrew Morton <akpm@osdl.org>,
nfsv4@linux-nfs.org, linux-kernel@vger.kernel.org,
torvalds@osdl.org, linux-cachefs@redhat.com,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 0/7] Permit filesystem local caching and NFS superblock sharing [try #13]
Date: Mon, 04 Sep 2006 23:50:41 -0400 [thread overview]
Message-ID: <1157428241.5510.72.camel@localhost> (raw)
In-Reply-To: <1157424937.3002.4.camel@raven.themaw.net>
On Tue, 2006-09-05 at 10:55 +0800, Ian Kent wrote:
> On Mon, 2006-09-04 at 21:57 -0400, Trond Myklebust wrote:
> > On Mon, 2006-09-04 at 21:24 +0800, Ian Kent wrote:
> >
> > > > [pid 3838] mkdir("/net", 0555) = -1 EEXIST (File exists)
> > > > [pid 3838] stat64("/net", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
> > > > [pid 3838] mkdir("/net/trash", 0555) = -1 EEXIST (File exists)
> > > > [pid 3838] stat64("/net/trash", {st_mode=S_IFDIR|0555, st_size=1024, ...}) = 0
> > > > [pid 3838] mkdir("/net/trash/mnt", 0555) = -1 EACCES (Permission denied)
> > >
> > > This is the point I'm trying to make.
> > > I'm able to reproduce this with exports that don't have "nohide".
> > > The mkdir used to return EEXIST, possibly before getting to the EACCES
> > > test. It appears to be a change in semantic behavior and I can't see
> > > where it is coming from. autofs expects an EEXIST but not an EACCES and
> > > so doesn't perform the mount. I could ignore the EACCES but that would
> > > be cheating.
> >
> > Why the hell is it doing a mkdir in the first place? ...and why the hell
> > is it not able to cope with EACCES? The latter is hardly an unlikely
> > reply: it means that the automounter should not be doing this in the
> > first place, 'cos it doesn't have the privileges. That is not the same
> > as saying that it doesn't have the privileges to do a lookup.
>
> Why the hell shouldn't it be able to do an mkdir!
Firstly, if the call to mkdir actually _was_ successful, it would be
creating a new directory on the NFS server, and it would be doing so
with the automounter's privileges instead of the user's privileges. Why
would I want it to do that?
Secondly, and more pertinently to this case, you have no guarantee that
the automounter has _any_ privileges on the server at all other than
what is required to mount a filesystem. selinux is enforcing that on the
client side here, but the server could just as well be set up to do the
same (in fact, you could set up selinux to do the exact same thing on
the server).
IOW, the automounter should just be calling stat('/net/trash/mnt'). It
shouldn't be trying to create directories on the server at all.
> It is coping with the EACCESS return by not mounting the filesystem
> which is the correct response in this case.
No it isn't. The directory exists. It can be looked up. There is no
reason why you can't mount something on top of it.
Being permitted to do mkdir() or not has nothing to do with anything.
next prev parent reply other threads:[~2006-09-05 3:50 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-30 19:31 [PATCH 0/7] Permit filesystem local caching and NFS superblock sharing [try #13] David Howells
2006-08-30 19:31 ` [PATCH 1/7] FS-Cache: Provide a filesystem-specific sync'able page bit " David Howells
2006-08-30 19:31 ` [PATCH 2/7] FS-Cache: Generic filesystem caching facility " David Howells
2006-08-30 19:32 ` [PATCH 3/7] FS-Cache: Release page->private after failed readahead " David Howells
2006-08-30 19:32 ` [PATCH 4/7] FS-Cache: Make kAFS use FS-Cache " David Howells
2006-08-30 19:32 ` [PATCH 5/7] NFS: Use local caching " David Howells
2006-08-30 19:32 ` [PATCH 6/7] FS-Cache: CacheFiles: ia64: missing copy_page export " David Howells
2006-08-30 19:32 ` [PATCH 7/7] FS-Cache: CacheFiles: A cache that backs onto a mounted filesystem " David Howells
2006-08-30 19:52 ` [PATCH 0/7] Permit filesystem local caching and NFS superblock sharing " Andrew Morton
2006-08-30 20:37 ` David Howells
2006-08-30 20:55 ` Andrew Morton
2006-08-31 9:58 ` David Howells
2006-08-31 17:21 ` Andrew Morton
2006-08-31 17:26 ` Trond Myklebust
2006-08-31 17:42 ` David Howells
2006-08-31 18:04 ` Andrew Morton
2006-09-01 13:08 ` David Howells
2006-09-01 16:34 ` Andrew Morton
2006-09-01 17:00 ` Trond Myklebust
2006-09-02 2:50 ` Andrew Morton
2006-09-02 4:11 ` Ian Kent
2006-09-02 5:58 ` Andrew Morton
2006-09-03 6:21 ` Ian Kent
2006-09-03 6:30 ` Andrew Morton
2006-09-03 6:43 ` Ian Kent
2006-09-03 16:58 ` Andrew Morton
2006-09-04 2:23 ` Ian Kent
2006-09-04 5:40 ` Ian Kent
2006-09-02 4:49 ` Ian Kent
2006-09-04 11:52 ` David Howells
2006-09-04 11:52 ` David Howells
2006-09-04 13:24 ` Ian Kent
2006-09-05 1:57 ` Trond Myklebust
2006-09-05 2:55 ` Ian Kent
2006-09-05 3:50 ` Trond Myklebust [this message]
2006-09-05 4:03 ` Ian Kent
2006-09-05 4:53 ` Trond Myklebust
2006-09-05 6:06 ` Ian Kent
2006-09-05 7:01 ` Ian Kent
2006-09-05 12:52 ` Trond Myklebust
2006-09-06 4:54 ` Ian Kent
2006-09-05 9:40 ` David Howells
2006-09-05 10:20 ` Ian Kent
2006-09-05 10:37 ` David Howells
2006-09-05 12:20 ` Ian Kent
2006-09-05 13:38 ` David Howells
2006-09-06 4:58 ` Ian Kent
2006-09-06 9:51 ` David Howells
2006-09-06 12:46 ` Trond Myklebust
2006-09-06 13:24 ` David Howells
2006-09-07 5:30 ` Ian Kent
2006-09-07 6:17 ` Trond Myklebust
2006-09-07 7:40 ` Ian Kent
2006-09-05 9:48 ` David Howells
2006-09-05 10:14 ` Ian Kent
2006-09-05 9:57 ` David Howells
2006-09-05 12:47 ` Trond Myklebust
2006-09-05 12:53 ` Trond Myklebust
2006-09-05 13:40 ` David Howells
2006-09-06 10:27 ` Ian Kent
2006-09-04 13:46 ` David Howells
2006-09-04 15:00 ` Ian Kent
2006-09-05 4:11 ` Ian Kent
2006-09-05 4:17 ` Trond Myklebust
2006-09-05 2:23 ` Trond Myklebust
2006-09-05 3:01 ` Ian Kent
2006-09-05 4:05 ` Trond Myklebust
2006-09-05 4:06 ` Ian Kent
2006-09-05 4:57 ` Trond Myklebust
2006-09-05 6:45 ` Ian Kent
2006-09-05 7:07 ` Ian Kent
2006-09-04 18:20 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1157428241.5510.72.camel@localhost \
--to=trond.myklebust@fys.uio.no \
--cc=akpm@osdl.org \
--cc=linux-cachefs@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nfsv4@linux-nfs.org \
--cc=raven@themaw.net \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).