From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christoph Hellwig Subject: Re: [PATCH] backout the xattr override access checks flag Date: Fri, 21 Feb 2003 15:54:22 +0000 Sender: linux-fsdevel-owner@vger.kernel.org Message-ID: <20030221155422.A32594@infradead.org> References: <20030220222007.A21678@sgi.com> <200302211120.25224.agruen@suse.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-fsdevel@vger.kernel.org, torvalds@transmeta.com Return-path: To: Andreas Gruenbacher Content-Disposition: inline In-Reply-To: <200302211120.25224.agruen@suse.de>; from agruen@suse.de on Fri, Feb 21, 2003 at 11:20:25AM +0100 List-Id: linux-fsdevel.vger.kernel.org On Fri, Feb 21, 2003 at 11:20:25AM +0100, Andreas Gruenbacher wrote: > > (not that such code even exists yet). > > There is an HSM project for which this feature has been added. I think they > are using a loadable module. URL? > > > Something even better would probably be to move out the xattr access checks > > to common code. > > There are two problems with that, so this doesn't seem any better to me, > either: > > (a) We would have to decode attribute names twice, once for checking > permissions, and a second time for determining how to store them. Doing it in the VFS would probably mean a rather large interface change so it should be decoded only once. I.e. moving your current ext2/ext3-specific handler abstraction to the VFS instead. > (b) Different file systems may implement different features with different, > file system specific limitations. The VFS layer tests would have to accept > all potentially useful things. The file system would have to re-check. What types of EAs do we have? (1) user attributes - the only access checks needed are the normal DAC ones (2) system/trusted - only privilegued access I think that's doable.