From: Jan Kara <jack@suse.cz>
To: Li Xi <pkuelelixi@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
Ext4 Developers List <linux-ext4@vger.kernel.org>,
"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
Theodore Ts'o <tytso@mit.edu>, Andreas Dilger <adilger@dilger.ca>,
"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
"hch@infradead.org" <hch@infradead.org>,
Dmitry Monakhov <dmonakhov@openvz.org>
Subject: Re: [v10 4/5] ext4: adds FS_IOC_FSSETXATTR/FS_IOC_FSGETXATTR interface support
Date: Wed, 1 Apr 2015 09:20:37 +0200 [thread overview]
Message-ID: <20150401072037.GA25311@quack.suse.cz> (raw)
In-Reply-To: <CAPTn0cAkHZ7xhrR2RPpDqffX-Mndt7aPQ-PTHb3tkfCdUWLPBA@mail.gmail.com>
On Fri 20-03-15 21:24:07, Li Xi wrote:
> On Thu, Mar 19, 2015 at 5:56 PM, Jan Kara <jack@suse.cz> wrote:
> > On Thu 19-03-15 04:04:56, Li Xi wrote:
> >> This patch adds FS_IOC_FSSETXATTR/FS_IOC_FSGETXATTR ioctl interface
> >> support for ext4. The interface is kept consistent with
> >> XFS_IOC_FSGETXATTR/XFS_IOC_FSGETXATTR.
> > Two more comments below.
> >
> >>
> >> Signed-off-by: Li Xi <lixi@ddn.com>
> > ...
> >> +static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
> >> +{
> >> + struct inode *inode = file_inode(filp);
> >> + struct super_block *sb = inode->i_sb;
> >> + struct ext4_inode_info *ei = EXT4_I(inode);
> >> + int err;
> >> + handle_t *handle;
> >> + kprojid_t kprojid;
> >> + struct ext4_iloc iloc;
> >> + struct ext4_inode *raw_inode;
> >> +
> >> + struct dquot *transfer_to[EXT4_MAXQUOTAS] = { };
> >> +
> >> + /* Make sure caller can change project. */
> >> + if (!capable(CAP_SYS_ADMIN))
> >> + return -EACCES;
> > Why do you test capabilities here when you already test permission in
> > EXT4_IOC_FSSETXATTR? Furthermore this test is too restrictive. Just delete
> > it.
> It seems we need this restrictive permission. Otherwise the owner of the file
> can change the project ID to any other project. That means, the owner can
> walk around the quota limit whenever he/she wants. But I agree checking
> permission twice is not good.
Sorry for a late reply but I was catching up with stuff after a
conference and then got ill. So I agree that owner of a file can escape
project quota limit whenever he/she wants by setting project to something
else. Sadly that's how project quota has been originally designed and how
it works in XFS for years. So we should start with being compatible with
this behavior.
Konstantin has in his patches patch "fs: protected project id" which
creates a sysctl which controls whether or not owner is able to set
arbitrary project id. That is one way to improve the situation so that
project quotas are usable also in situations where setting project quotas
to any project by file owner is undesirable. Christoph also had an idea
that we could allow owner to set project to anything when current project
is unset (0). Once project is set, only CAP_SYS_ADMIN (maybe better
capability would be CAP_CHOWN actually) process can change it. We can
discuss how to change the current XFS model to suit new usecases but IMHO
we should start the way XFS is...
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
next prev parent reply other threads:[~2015-04-01 7:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-18 19:04 [v10 0/5] ext4: add project quota support Li Xi
2015-03-18 19:04 ` [v10 1/5] vfs: adds general codes to enforces project quota limits Li Xi
[not found] ` <1426705497-22158-2-git-send-email-lixi-LfVdkaOWEx8@public.gmane.org>
2015-03-19 9:06 ` Jan Kara
2015-03-18 19:04 ` [v10 2/5] ext4: adds project ID support Li Xi
[not found] ` <1426705497-22158-1-git-send-email-lixi-LfVdkaOWEx8@public.gmane.org>
2015-03-18 19:04 ` [v10 3/5] ext4: adds project quota support Li Xi
2015-03-19 9:41 ` Jan Kara
2015-03-19 19:23 ` Andreas Dilger
[not found] ` <D6B2436D-287C-4CC2-8646-8FF0A9F74E07-m1MBpc4rdrD3fQ9qLvQP4Q@public.gmane.org>
2015-03-20 13:02 ` Li Xi
2015-03-18 19:04 ` [v10 4/5] ext4: adds FS_IOC_FSSETXATTR/FS_IOC_FSGETXATTR interface support Li Xi
2015-03-19 9:56 ` Jan Kara
2015-03-20 13:24 ` Li Xi
2015-04-01 7:20 ` Jan Kara [this message]
2015-04-01 9:00 ` Li Xi
2015-03-18 19:04 ` [v10 5/5] ext4: cleanup inode flag definitions Li Xi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150401072037.GA25311@quack.suse.cz \
--to=jack@suse.cz \
--cc=adilger@dilger.ca \
--cc=dmonakhov@openvz.org \
--cc=hch@infradead.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=pkuelelixi@gmail.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).