From: Steve Dickson <SteveD@redhat.com>
To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
Cc: Jeff Layton <jlayton@redhat.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
"dpquigl@davequigley.com" <dpquigl@davequigley.com>
Subject: Re: [PATCH] nfs: set security label when revalidating inode
Date: Mon, 04 Nov 2013 10:19:23 -0500 [thread overview]
Message-ID: <5277BAFB.9070109@RedHat.com> (raw)
In-Reply-To: <C85EF88C-B4F8-484C-A00D-5A86ACB61C10@netapp.com>
On 02/11/13 22:23, Myklebust, Trond wrote:
>
> On Nov 2, 2013, at 6:57, Jeff Layton <jlayton@redhat.com> wrote:
>
>> Currently, we fetch the security label when revalidating an inode's
>> attributes, but don't apply it. This is in contrast to the readdir()
>> codepath where we do apply label changes.
>
> OK. Why should we not just throw out the code that fetches the security label here?
Looking back at the original code (aka David's tree), the label was being set
in nfs_refresh_inode() after the nfs_refresh_inode_locked() call:
int nfs_refresh_inode(struct inode *inode, struct nfs_fattr *fattr, struct nfs4_label *label)
{
int status;
if ((fattr->valid & NFS_ATTR_FATTR) == 0)
return 0;
spin_lock(&inode->i_lock);
status = nfs_refresh_inode_locked(inode, fattr, label);
spin_unlock(&inode->i_lock);
if (nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL)) {
if (label && !status)
nfs_setsecurity(inode, fattr, label);
}
return status;
}
This code chunk got remove when I removed the setting of labels from
all the original places they were being set (aka access, commits, etc).
There is an outstanding bug on how the client is not recognizing the
changing of a label.. So this patch will probably fix that bug...
>
> IOW: what is the caching model that is being implemented in this patch;
> is it just “fetch label at random intervals” or is there real method to the madness?
There is no caching model per say... I really don't think there needs to be
one... Labels are a client only thing meaning the server is not expect to
change the label and an application is expect to set them... So if there
is any caching to be done it should be done by the application, not the
filesystem... IMHO...
steved.
next prev parent reply other threads:[~2013-11-04 15:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-02 10:57 [PATCH] nfs: set security label when revalidating inode Jeff Layton
2013-11-03 0:46 ` Dave Quigley
2013-11-03 2:23 ` Myklebust, Trond
2013-11-03 10:14 ` Jeff Layton
2013-11-03 11:01 ` Jeff Layton
[not found] ` <32FF43CF-D4D7-41AD-9B2F-8BAD6C2F846C@netapp.com>
2013-11-03 17:01 ` Jeff Layton
2013-11-03 18:41 ` Myklebust, Trond
2013-11-04 1:28 ` Jeff Layton
2013-11-04 15:19 ` Steve Dickson [this message]
2013-11-04 16:03 ` Myklebust, Trond
2013-11-04 17:56 ` Steve Dickson
2013-11-04 19:20 ` Labeled NFS: Is the value of FATTR4_WORD2_SECURITY_LABEL correct? Myklebust, Trond
2013-11-04 19:30 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5277BAFB.9070109@RedHat.com \
--to=steved@redhat.com \
--cc=Trond.Myklebust@netapp.com \
--cc=dpquigl@davequigley.com \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).