From mboxrd@z Thu Jan 1 00:00:00 1970
From: Rob Ross
Subject: Re: openg and path_to_handle
Date: Wed, 06 Dec 2006 10:20:23 -0600
Message-ID: <4576EDC7.7040109@mcs.anl.gov>
References: <20061128055428.GA29891@infradead.org> <20061129090450.GA16296@infradead.org> <20061129122313.GG14315@parisc-linux.org> <20061129123913.GA15994@infradead.org> <4570ACD1.7060800@mcs.anl.gov> <4574BF52.6090600@mcs.anl.gov> <20061206094805.GB33919298@melbourne.sgi.com> <4576E783.7020402@mcs.anl.gov> <20061206160439.GV3013@parisc-linux.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: David Chinner , Latchesar Ionkov , Christoph Hellwig , Gary Grider , linux-fsdevel@vger.kernel.org
Return-path:
Received: from mailgw.mcs.anl.gov ([140.221.9.4]:37453 "EHLO mailgw.mcs.anl.gov" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S936271AbWLFQUZ (ORCPT ); Wed, 6 Dec 2006 11:20:25 -0500
To: Matthew Wilcox
In-Reply-To: <20061206160439.GV3013@parisc-linux.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Matthew Wilcox wrote:
> On Wed, Dec 06, 2006 at 09:53:39AM -0600, Rob Ross wrote:
>> David Chinner wrote:
>>> Does anyone here know about the XFS libhandle API? This has been
>>> around for years and it does _exactly_ what these proposed syscalls
>>> are supposed to do (and more).
>> Thanks for pointing these out Dave. These are indeed along the same
>> lines as the openg()/openfh() approach.
>>
>> One difference is that they appear to perform permission checking on the
>> open_by_handle(), which means that the entire path needs to be encoded
>> in the handle, and makes it difficult to eliminate the path traversal
>> overhead on N open_by_handle() operations.
>
> Another (and highly important) difference is that usage is restricted to
> root:
>
> xfs_open_by_handle(...)
> ...
>     if (!capable(CAP_SYS_ADMIN))
>         return -XFS_ERROR(EPERM);

I assume that this is because the implementation chose not to do the
path encoding in the handle? Because if they did, they could do full
path permission checking as part of the open_by_handle.

Rob
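
The trade-off discussed in this message, as an added toy model that is not part of the thread and is not XFS or kernel code: a handle that names only the inode cannot be checked against the search permissions of its ancestor directories, so the open must either be privilege-gated or the handle must carry the path. The structs, the `root_only` flag, the uids and the `/private/report` layout are all assumptions constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Toy model: owner/other permission bits only, no groups, uid 0 is root. */
struct inode { unsigned uid, mode; struct inode *parent; };
/* has_path models a handle that recorded the path used to create it. */
struct handle { struct inode *target; int has_path; };

static int may(const struct inode *i, unsigned uid, unsigned want)
{
    unsigned bits = (uid == i->uid) ? (i->mode >> 6) & 7 : i->mode & 7;
    return uid == 0 || (bits & want) == want;
}

/* Path-based open: search (x) on every ancestor, then read on the file. */
int open_by_path(struct inode *f, unsigned uid)
{
    for (struct inode *d = f->parent; d; d = d->parent)
        if (!may(d, uid, 1))
            return -EACCES;
    return may(f, uid, 4) ? 0 : -EACCES;
}

/* Handle-based open. Without an encoded path only the target inode can be
 * checked, so root_only decides whether unprivileged callers are refused. */
int open_by_handle(const struct handle *h, unsigned uid, int root_only)
{
    if (h->has_path)
        return open_by_path(h->target, uid);   /* replay the full check */
    if (root_only && uid != 0)
        return -EPERM;
    return may(h->target, uid, 4) ? 0 : -EACCES;
}

/* Constructed scenario: /private (0700, uid 1000) holds report (0644). */
int demo(unsigned uid, int has_path, int root_only)
{
    struct inode root = { 0, 0755, NULL };
    struct inode priv = { 1000, 0700, &root };
    struct inode file = { 1000, 0644, &priv };
    struct handle h = { &file, has_path };
    return open_by_handle(&h, uid, root_only);
}
```

In the model, `demo(2000, 0, 0)` succeeds even though uid 2000 cannot search `/private`; that is the gap that either the root-only gate or the path-carrying handle closes.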