From: Al Viro <viro@ZenIV.linux.org.uk>
To: Andy Whitcroft <apw@canonical.com>
Cc: linux-fsdevel@vger.kernel.org, Kees Cook <kees@ubuntu.com>
Subject: Re: Can the VFS layer rely on i_uid
Date: Mon, 5 Mar 2012 13:26:43 +0000 [thread overview]
Message-ID: <20120305132642.GL23916@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20120305121239.GB9978@shadowen.org>
On Mon, Mar 05, 2012 at 12:12:39PM +0000, Andy Whitcroft wrote:
> When an inode does not provide a permissions() op generic permissions
> checks are used and these assume that i_mode, i_uid, and i_gid are
> all populated, using them directly to perform these checks. When a
> permissions() op is provided obviously this code is not used. What is not
> so clear to me is whether there is still an assumption or requirement that
> these are populated in this case. My gut feeling is that if you have a
> permissions() op then there is no obligation to use these fields at all,
> indeed it seems entirely reasonable that your permission model not map
> sensibly onto such permissions.
Not quite... Ideally, yes, we'd want to have ->i_uid used only by fs-specific
code and helpers used by that fs (including those that are implicit defaults).
And BTW, you proposal to have non-trivial differences in behaviour of code
based on whether ->permission() (and ->getattr()) is NULL is an atrocity -
this kind of layering violations is wrong and brittle, so please abstain from
that. In practice we have enough places where uid/gid is used directly
to make setting them practically a requirement - places like /proc/<pid>/
can get away with not doing that, but only because shitloads of syscalls
are not allowed on those anyway, permissions or no permissions. In anything
general-purpose you really need to set it.
next prev parent reply other threads:[~2012-03-05 13:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-05 12:12 Can the VFS layer rely on i_uid Andy Whitcroft
2012-03-05 13:26 ` Al Viro [this message]
2012-03-05 13:48 ` Andy Whitcroft
2012-03-05 15:37 ` Szeredi Miklos
2012-03-12 6:40 ` Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120305132642.GL23916@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=apw@canonical.com \
--cc=kees@ubuntu.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).