From: Michael Halcrow <mhalcrow@us.ibm.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: viro@ZenIV.linux.org.uk, akpm@linux-foundation.org,
torvalds@linux-foundation.org, dave@linux.vnet.ibm.com,
ezk@cs.sunysb.edu, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [patch 00/13] vfs: add helpers to check r/o bind mounts
Date: Mon, 28 Apr 2008 09:20:48 -0500 [thread overview]
Message-ID: <20080428142048.GN18686@localhost.austin.ibm.com> (raw)
In-Reply-To: <E1JqQOT-0004IY-7E@pomaz-ex.szeredi.hu>
On Mon, Apr 28, 2008 at 12:15:33PM +0200, Miklos Szeredi wrote:
> Which begs the question: why is ecryptfs doing that with the xattr
> methods? Does it need to bypass the permission checks? Seems very
> fishy to me.
Yes, it was mainly to avoid the permission checks, since eCryptfs
needs to be able to freely manipulate the cryptographic metadata
stored in the xattr region of the lower file when the user mounts with
the option to use the xattr region. I just used the same function to
access the lower xattr (ecryptfs_setxattr(), for instance) for both
xattr passthrough and metadata manipulation. This clearly can be
changed at this point so that at least the xattr passthrough of xattr
ops explicitly done by the user uses the vfs_* xattr calls instead.
However, in terms of permissions that eCryptfs needs, there are some
semantics that I need to work out. For instance, if eCryptfs
absolutely respects a rule that says that the lower file may only be
opened append-only, even by root, then eCryptfs cannot do its job,
which may include writing out the crypto metadata to the xattr of the
lower file. In that case, an operation on the lower fs will succeed,
but that exact same operation on the file under eCryptfs will fail,
since xattr.c::xattr_permission() will return -EPERM if
IS_APPEND(inode), and an open in eCryptfs will automatically entail an
xattr write if the mount is done with instructions to write the
metadata to the xattr regions of the lower files.
Mike
next prev parent reply other threads:[~2008-04-28 14:23 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-24 11:39 [patch 00/13] vfs: add helpers to check r/o bind mounts Miklos Szeredi
2008-04-24 11:39 ` [patch 01/13] ecryptfs: add missing lock around notify_change Miklos Szeredi
2008-04-24 16:56 ` Erez Zadok
2008-04-24 17:09 ` Miklos Szeredi
2008-04-24 11:39 ` [patch 02/13] ecryptfs: clean up (un)lock_parent Miklos Szeredi
2008-04-24 11:39 ` [patch 03/13] nfsd: clean up mnt_want_write calls Miklos Szeredi
2008-04-24 11:39 ` [patch 04/13] vfs: add path_create() and path_mknod() Miklos Szeredi
2008-04-24 11:39 ` [patch 05/13] vfs: add path_mkdir() Miklos Szeredi
2008-04-24 11:39 ` [patch 06/13] vfs: add path_rmdir() Miklos Szeredi
2008-04-24 11:39 ` [patch 07/13] vfs: add path_unlink() Miklos Szeredi
2008-04-24 11:39 ` [patch 08/13] vfs: add path_symlink() Miklos Szeredi
2008-04-24 11:39 ` [patch 09/13] vfs: add path_link() Miklos Szeredi
2008-04-24 11:40 ` [patch 10/13] vfs: add path_rename() Miklos Szeredi
2008-04-24 11:40 ` [patch 11/13] vfs: add path_setattr() Miklos Szeredi
2008-04-24 11:40 ` [patch 12/13] vfs: add path_setxattr() Miklos Szeredi
2008-04-24 11:40 ` [patch 13/13] vfs: add path_removexattr() Miklos Szeredi
2008-04-24 12:42 ` [patch 00/13] vfs: add helpers to check r/o bind mounts Al Viro
2008-04-24 13:05 ` Miklos Szeredi
2008-04-24 13:48 ` Al Viro
2008-04-24 14:00 ` Al Viro
2008-04-24 14:16 ` Miklos Szeredi
2008-04-24 14:35 ` Al Viro
2008-04-24 14:42 ` Miklos Szeredi
2008-04-24 14:48 ` Al Viro
2008-04-24 14:58 ` Miklos Szeredi
2008-04-24 15:21 ` Al Viro
2008-04-24 15:37 ` Miklos Szeredi
2008-04-24 15:59 ` Al Viro
2008-04-24 16:16 ` Miklos Szeredi
2008-04-28 10:15 ` Miklos Szeredi
2008-04-28 14:20 ` Michael Halcrow [this message]
2008-04-28 14:52 ` Miklos Szeredi
2008-04-25 7:22 ` Miklos Szeredi
2008-04-24 17:55 ` Dave Hansen
2008-04-24 18:47 ` Miklos Szeredi
2008-04-24 14:09 ` Miklos Szeredi
2008-04-24 14:28 ` Al Viro
2008-04-24 14:36 ` Miklos Szeredi
2008-04-24 14:44 ` Al Viro
2008-04-24 14:53 ` Miklos Szeredi
2008-04-24 15:12 ` Al Viro
2008-04-24 15:18 ` Miklos Szeredi
2008-04-24 15:38 ` Al Viro
2008-04-24 15:43 ` Miklos Szeredi
2008-04-24 17:29 ` Erez Zadok
2008-04-24 18:13 ` Al Viro
2008-04-24 19:40 ` Erez Zadok
2008-04-24 20:16 ` Michael Halcrow
2008-04-24 22:39 ` Erez Zadok
2008-04-24 23:33 ` Michael Halcrow
2008-04-28 21:53 ` J. Bruce Fields
2008-04-24 17:25 ` Erez Zadok
2008-04-24 17:30 ` Al Viro
2008-04-24 19:56 ` Erez Zadok
2008-04-24 17:04 ` Erez Zadok
2008-04-24 16:52 ` Erez Zadok
2008-04-24 16:58 ` Miklos Szeredi
2008-04-24 17:14 ` Erez Zadok
2008-04-24 17:23 ` Miklos Szeredi
2008-05-01 5:40 ` Dave Hansen
2008-05-01 8:08 ` Miklos Szeredi
2008-05-01 16:40 ` Dave Hansen
2008-05-01 17:04 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080428142048.GN18686@localhost.austin.ibm.com \
--to=mhalcrow@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=dave@linux.vnet.ibm.com \
--cc=ezk@cs.sunysb.edu \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).