From: Michael Halcrow <mhalcrow@us.ibm.com>
To: Erez Zadok <ezk@cs.sunysb.edu>
Cc: Andrew Morton <akpm@osdl.org>,
"Josef 'Jeff' Sipek" <jsipek@cs.sunysb.edu>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
hch@infradead.org, viro@ftp.linux.org.uk, torvalds@osdl.org,
David Quigley <dquigley@cs.sunysb.edu>
Subject: Re: [PATCH 01/24] Unionfs: Documentation
Date: Mon, 8 Jan 2007 17:00:18 -0600 [thread overview]
Message-ID: <20070108230018.GB3756@us.ibm.com> (raw)
In-Reply-To: <200701082051.l08KpV8b011212@agora.fsl.cs.sunysb.edu>
On Mon, Jan 08, 2007 at 03:51:31PM -0500, Erez Zadok wrote:
> BTW, this is a problem with all stackable file systems, including
> ecryptfs. To be fair, our Unionfs users have come up against this
> problem, usually for the first time they use Unionfs :-).
I suspect that the only reason why this has not yet surfaced as a
major issue in eCryptfs is because nobody is bothering to manipulate
the eCryptfs-encrypted lower files. The only code out there right now
that can make sense of the files is in the eCryptfs kernel module.
> Now, we've discussed a number of possible solutions. Thanks to
> suggestions we got at OLS, we discussed a way to hide the lower
> namespace, or make it readonly, using existing kernel facilities.
> But my understanding is that even it'd work, it'd only address new
> processes: if an existing process has an open fd in a lower branch
> before we "lock up" the lower branch's name space, that process may
> still be able to make lower-level changes.
Again, eCryptfs is fortunate in that the vast majority of users who
access the lower eCryptfs files will only want to read the encrypted
files (to do backups, for instance). I do not know of any userspace
utilities that can write correct eCryptfs lower file content.
> Detecting such processes may not be easy. What to do with them,
> once detected, is also unclear. We welcome suggestions.
My first instinct is to say that stacked filesystem should not even
begin to open the file if it is already opened by something other than
the stacked filesystem (-EPERM with a message in the syslog about the
problem). In the case when a stacked filesystem wants to open a file
that is already opened by something other than the stacked filesystem,
the stacked filesystem loses. Once the process closes the file, the
process is hitherto prevented from accessing the file again (via the
before-mentioned mechanism of hiding the lower namespace).
> Another possibility is that after, hopefully, both Unionfs and
> ecryptfs are in, and some more user experience has been accumulated,
> that we'll look into addressing this page-cache consistency problem
> for all stacked f/s.
Unionfs and eCryptfs share almost exactly the same namespace
issues. Unionfs happens to be impacted by them more than eCryptfs
because of the differences in how people actually access the files
under the two filesystems.
> Jeff, I don't think it's acceptable to OOPS.
For now, stacked filesystems just need to stay on their toes. There
are several places where assumptions need to be checked.
Mike
next prev parent reply other threads:[~2007-01-08 23:00 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-08 4:12 [PATCH 00/24] Unionfs, try #4 Josef 'Jeff' Sipek
2007-01-08 4:12 ` [PATCH 01/24] Unionfs: Documentation Josef 'Jeff' Sipek
2007-01-08 19:18 ` Andrew Morton
2007-01-08 19:43 ` Shaya Potter
2007-01-08 20:24 ` Jan Engelhardt
2007-01-08 21:32 ` Shaya Potter
2007-01-08 21:19 ` Andrew Morton
2007-01-08 21:30 ` Shaya Potter
2007-01-08 22:02 ` Andrew Morton
2007-01-08 22:21 ` Shaya Potter
2007-01-08 23:34 ` Jan Engelhardt
2007-01-08 23:37 ` Josef Sipek
2007-01-09 0:03 ` Erez Zadok
2007-01-09 9:53 ` Christoph Hellwig
2007-01-09 10:43 ` Josef Sipek
2007-01-09 10:47 ` Christoph Hellwig
2007-01-09 10:48 ` Christoph Hellwig
2007-01-09 17:28 ` Erez Zadok
2007-01-08 23:25 ` Josef Sipek
2007-01-09 9:49 ` Christoph Hellwig
2007-01-09 10:36 ` Josef Sipek
2007-01-08 20:51 ` Erez Zadok
2007-01-08 21:53 ` Jan Engelhardt
2007-01-08 23:00 ` Michael Halcrow [this message]
2007-01-08 23:45 ` Josef Sipek
2007-01-09 0:19 ` Giuseppe Bilotta
2007-01-09 0:33 ` Josef Sipek
2007-01-09 1:26 ` Jan Engelhardt
2007-01-09 1:50 ` Shaya Potter
2007-01-09 12:26 ` Jan Kara
2007-01-09 16:39 ` Trond Myklebust
2007-01-09 17:04 ` Jan Kara
2007-01-09 17:07 ` Trond Myklebust
2007-01-09 17:34 ` Erez Zadok
2007-01-10 16:12 ` Jan Kara
2007-01-10 20:15 ` Erez Zadok
2007-01-10 20:24 ` Shaya Potter
2007-01-10 21:27 ` Jan Kara
2007-01-10 23:20 ` Josef Sipek
2007-01-10 23:29 ` Shaya Potter
2007-01-11 8:54 ` Jan Kara
2007-01-08 23:15 ` Josef Sipek
2007-01-09 12:15 ` Jan Kara
2007-01-09 16:30 ` Trond Myklebust
2007-01-09 16:41 ` Shaya Potter
2007-01-09 17:03 ` Trond Myklebust
2007-01-09 17:11 ` Shaya Potter
2007-01-09 17:16 ` Erez Zadok
2007-01-09 17:16 ` Jan Kara
2007-01-09 22:02 ` Jan Engelhardt
2007-01-11 14:29 ` unionfs unusable on multiuser systems (was Re: [PATCH 01/24] Unionfs: Documentation) Pavel Machek
2007-01-12 14:17 ` Shaya Potter
2007-01-08 4:12 ` [PATCH 02/24] lookup_one_len_nd - lookup_one_len with nameidata argument Josef 'Jeff' Sipek
2007-01-08 4:12 ` [PATCH 03/24] Unionfs: Branch management functionality Josef 'Jeff' Sipek
2007-01-08 4:12 ` [PATCH 04/24] Unionfs: Common file operations Josef 'Jeff' Sipek
2007-01-08 21:28 ` Andrew Morton
2007-01-08 4:12 ` [PATCH 05/24] Unionfs: Copyup Functionality Josef 'Jeff' Sipek
2007-01-08 21:29 ` Andrew Morton
2007-01-08 22:00 ` Shaya Potter
2007-01-08 4:12 ` [PATCH 06/24] Unionfs: Dentry operations Josef 'Jeff' Sipek
2007-01-08 21:29 ` Andrew Morton
2007-01-08 4:12 ` [PATCH 07/24] Unionfs: File operations Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 08/24] Unionfs: Directory file operations Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 09/24] Unionfs: Directory manipulation helper functions Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 10/24] Unionfs: Inode operations Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 11/24] Unionfs: Lookup helper functions Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 12/24] Unionfs: Main module functions Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 13/24] Unionfs: Readdir state Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 14/24] Unionfs: Rename Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 15/24] Unionfs: Privileged operations workqueue Josef 'Jeff' Sipek
2007-01-08 21:27 ` Andrew Morton
2007-01-08 4:13 ` [PATCH 16/24] Unionfs: Handling of stale inodes Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 17/24] Unionfs: Miscellaneous helper functions Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 18/24] Unionfs: Superblock operations Josef 'Jeff' Sipek
2007-01-08 21:29 ` Andrew Morton
2007-01-08 4:13 ` [PATCH 19/24] Unionfs: Helper macros/inlines Josef 'Jeff' Sipek
2007-01-08 21:28 ` Andrew Morton
2007-01-08 4:13 ` [PATCH 20/24] Unionfs: Internal include file Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 21/24] Unionfs: Include file Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 22/24] Unionfs: Unlink Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 23/24] Unionfs: Kconfig and Makefile Josef 'Jeff' Sipek
2007-01-08 4:13 ` [PATCH 24/24] Unionfs: Extended Attributes support Josef 'Jeff' Sipek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070108230018.GB3756@us.ibm.com \
--to=mhalcrow@us.ibm.com \
--cc=akpm@osdl.org \
--cc=dquigley@cs.sunysb.edu \
--cc=ezk@cs.sunysb.edu \
--cc=hch@infradead.org \
--cc=jsipek@cs.sunysb.edu \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@osdl.org \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).