From mboxrd@z Thu Jan  1 00:00:00 1970
From: "J. Bruce Fields" <bfields@redhat.com>
Subject: Re: Re: [5/8] syscall_cred() a system call that receives alternate
 CREDs
Date: Mon, 8 Apr 2013 14:31:20 -0400
Message-ID: <20130408183119.GC4442@pad.fieldses.org>
References: <516299A5.8030109@panasas.com>
 <51629DBE.1060508@panasas.com>
 <20130408144201.GB2169@pad.fieldses.org>
 <3325648.XNlCoRUAAr@jlieb-e6410>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Boaz Harrosh <bharrosh@panasas.com>,
	Steven Whitehouse <swhiteho@redhat.com>,
	Steve Dickson <steved@redhat.com>,
	Jeff Layton <jlayton@redhat.com>,
	lsf-pc@lists.linux-foundation.org,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Ganesha NFS List <nfs-ganesha-devel@lists.sourceforge.net>,
	Frank S Filz <ffilz@us.ibm.com>,
	Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>,
	DENIEL Philippe <philippe.deniel@cea.fr>
To: Jim Lieb <jlieb@panasas.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:47421 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S934871Ab3DHSbq (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 8 Apr 2013 14:31:46 -0400
Content-Disposition: inline
In-Reply-To: <3325648.XNlCoRUAAr@jlieb-e6410>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Mon, Apr 08, 2013 at 11:23:14AM -0700, Jim Lieb wrote:
> On Monday, April 08, 2013 10:42:02 J. Bruce Fields wrote:
> > On Mon, Apr 08, 2013 at 01:36:46PM +0300, Boaz Harrosh wrote:
> > > From: Jim Lieb <jlieb@panasas.com>
> > > 
> > > In current NFS Server (Ganesha) lots of operation becomes 6 syscalls
> > > (Or is it 7?)
> > > 
> > > - setfsuid(), setfsgid(), thread_setgroups()
> > > - The OP
> > > - Revert setfsuid(), setfsgid() to root
> > > 
> > > This is because if we do all these file operations as root then
> > > FS will not account for the quota a user have on create files,
> > > data space, and so on.
> > 
> > To make sure I understand, you're saying that:
> > 
> > 	- the behavior you get out of those 6 syscalls is correct,
> > 	- you just want to be able to do exactly the same thing, but
> > 	  with 1 syscall.  (For performance?)
> > 
> > Or is there some other issue?
> 
> I have attached the email I sent around on the nfs-ganesha list with a model 
> api so we know the details.
> 
> Boaz replied "performance" but there are also race conditions to consider.  If 
> we get signals or ??? somewhere in the sequence, what is our state?  Yes, the 
> setfsuid call back to root can still be done but masquerading has any signals 
> etc. be in the context of that user/group and there is one syscall to deal 
> with, not a stream.

Sorry, I don't understand what you're saying here.  Could you give an
example showing a sequence of events with the wrong result?

> There may be selinux/apparmor issues to deal with too.  If we first
> masquerade the thread and then apply all these access checks, as far
> as the kernel is concerned, it is the masqueraded user.

I don't understand here either.

--b.