linux-fsdevel.vger.kernel.org archive mirror
From: Jeff Layton <jlayton@redhat.com>
To: Olga Kornievskaia <kolga@netapp.com>,
	linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: Re: [RFC v2 0/3] VFS/NFS support to destroy FS credentials
Date: Mon, 07 Aug 2017 06:27:37 -0400
Message-ID: <1502101657.4811.1.camel@redhat.com>
In-Reply-To: <20170804144939.25374-1-kolga@netapp.com>

On Fri, 2017-08-04 at 10:49 -0400, Olga Kornievskaia wrote:
> Allow a user to call into the file system and ask to destroy FS
> credentials. For instance, when the user logs out after using
> a kerberized NFS share, he destroys Kerberos credentials but NFS
> credentials remain valid until the gss context expires. Allow
> the user (or things like pam) to trigger destruction of such
> credentials.
> 
> A userland application would do:
> 
> fd = open("/mnt", O_DIRECTORY|O_RDONLY);
> syscall(__NR_destroy_creds, fd);
> 
> v2: fixing a hasty IS_DIR check, definition of __NR_destroy_creds
> and order of the patches
>  
> Olga Kornievskaia (3):
>   VFS adding destroy_creds call
>   SUNRPC mark user credentials destroyed
>   NFS define vfs destroy_creds functions
> 
>  arch/x86/entry/syscalls/syscall_32.tbl |  1 +
>  arch/x86/entry/syscalls/syscall_64.tbl |  1 +
>  fs/nfs/dir.c                           |  8 ++++++++
>  fs/read_write.c                        | 22 ++++++++++++++++++++++
>  include/linux/fs.h                     |  2 ++
>  include/linux/sunrpc/auth.h            |  5 +++++
>  include/linux/syscalls.h               |  2 +-
>  include/uapi/asm-generic/unistd.h      |  4 +++-
>  kernel/sys_ni.c                        |  1 +
>  net/sunrpc/auth.c                      |  9 +++++++++
>  net/sunrpc/auth_generic.c              | 15 +++++++++++++++
>  net/sunrpc/auth_gss/auth_gss.c         |  3 +++
>  12 files changed, 71 insertions(+), 2 deletions(-)
> 

I think I'd like to see a proposed manpage for this syscall.

How do you expect this syscall to be used by userland? What will call it
and under what circumstances?

Also, this looks at first glance like a single-purpose, single-
filesystem call. Would this have any purpose at all outside of NFS?
Would this be usable with CIFS or Ceph in some fashion?

-- 
Jeff Layton <jlayton@redhat.com>


Thread overview: 7+ messages
2017-08-04 14:49 [RFC v2 0/3] VFS/NFS support to destroy FS credentials Olga Kornievskaia
2017-08-04 14:49 ` [RFC v2 1/3] VFS adding destroy_creds call Olga Kornievskaia
2017-08-04 14:49 ` [RFC v2 2/3] SUNRPC mark user credentials destroyed Olga Kornievskaia
2017-08-04 14:49 ` [RFC v2 3/3] NFS define vfs destroy_creds functions Olga Kornievskaia
2017-08-07 10:27 ` Jeff Layton [this message]
2017-08-07 15:35   ` [RFC v2 0/3] VFS/NFS support to destroy FS credentials Olga Kornievskaia
2017-08-07 15:53   ` Amir Goldstein
