From mboxrd@z Thu Jan 1 00:00:00 1970 From: "J. Bruce Fields" Subject: Re: [PATCH review 6/6] vfs: Cache the results of path_connected Date: Tue, 1 Sep 2015 14:11:22 -0400 Message-ID: <20150901181122.GC1948@fieldses.org> References: <871tfj0x4j.fsf@x220.int.ebiederm.org> <20150804194447.GB6664@fieldses.org> <874mkey824.fsf@x220.int.ebiederm.org> <20150805155948.GD17797@fieldses.org> <878u9pwvg8.fsf@x220.int.ebiederm.org> <20150828194302.GE10468@fieldses.org> <20150828194540.GF10468@fieldses.org> <87k2sb88ev.fsf@x220.int.ebiederm.org> <20150901144632.GA32692@fieldses.org> <877foavx3f.fsf@x220.int.ebiederm.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Andrey Vagin , Miklos Szeredi , Richard Weinberger , Linux Containers , Andy Lutomirski , Al Viro , linux-fsdevel@vger.kernel.org, Jann Horn , Linus Torvalds , Willy Tarreau To: "Eric W. Biederman" Return-path: Received: from fieldses.org ([173.255.197.46]:48358 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752159AbbIASLW (ORCPT ); Tue, 1 Sep 2015 14:11:22 -0400 Content-Disposition: inline In-Reply-To: <877foavx3f.fsf@x220.int.ebiederm.org> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Tue, Sep 01, 2015 at 01:00:20PM -0500, Eric W. Biederman wrote: > No problem. Thank you for the discussion. This has if nothing else > allowed me to understand this from a real world perspective, and in > particular allows me to understand which permission checks would be > necessary to safely allow file handles in a user namespace (if we ever > decide it is safe to allow that). > > In short if you did not mount the filesystem you better not be nfs > exporting the filesystem, or parts of the filesystem, or be allowed to > use file handle access to the filesystem. Agreed. --b.