From: "Darrick J. Wong" <djwong@kernel.org>
To: Andrey Albershteyn <aalbersh@kernel.org>
Cc: linux-xfs@vger.kernel.org, hch@lst.de
Subject: Re: [PATCH 01/21] xfs_scrub_media_fail: reduce security lockdowns to avoid postfix problems
Date: Thu, 4 Jun 2026 09:48:02 -0700 [thread overview]
Message-ID: <20260604164802.GW6078@frogsfrogsfrogs> (raw)
In-Reply-To: <aiFj_pIHg7SsGPqV@aalbersh-thinkpadx1carbongen13.rmtcz.csb>
On Thu, Jun 04, 2026 at 02:16:24PM +0200, Andrey Albershteyn wrote:
> On 2026-06-03 23:04:36, Darrick J. Wong wrote:
> > From: Darrick J. Wong <djwong@kernel.org>
> >
> > The same lockdown logic of commit 9042fcc08eed6a ("xfs_scrub_fail:
> > tighten up the security on the background systemd service") was applied
> > to the media scan failure reporting service. Therefore, it's also
> > broken on systems that have setgid mailer programs (e.g. postfix).
> > Fix this by applying the same change from commit 15fd6fc686d5ce here
> > too.
> >
> > Cc: <linux-xfs@vger.kernel.org> # v6.17.0
> > Fixes: 15fd6fc686d5ce ("xfs_scrub_fail: reduce security lockdowns to avoid postfix problems")
>
> Fixes: 45ec29cfba02 ("xfs_scrub_all: support metadata+media scans of all filesystems")
> This one, no?
Hrm. 45ec is indeed the commit that introduced the overly strict
security posture, but 15fd came after that, and failed to fix the other
two _fail services. I'm not particularly fussed about which commit the
Fixes trailer points to, but 15fd is a more recent commit.
<shrug>
> Otherwise looks good to me
> Reviewed-by: Andrey Albershteyn <aalbersh@kernel.org>
Thanks!
--D
>
> --
> - Andrey
>
next prev parent reply other threads:[~2026-06-04 16:48 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-04 6:04 [PATCHSET] xfs_scrub: codex-inspired bug fixes for 7.1 Darrick J. Wong
2026-06-04 6:04 ` [PATCH 01/21] xfs_scrub_media_fail: reduce security lockdowns to avoid postfix problems Darrick J. Wong
2026-06-04 12:16 ` Andrey Albershteyn
2026-06-04 16:48 ` Darrick J. Wong [this message]
2026-06-04 6:04 ` [PATCH 02/21] xfs_scrub_all: fix broken command line string array construction Darrick J. Wong
2026-06-04 12:17 ` Andrey Albershteyn
2026-06-04 6:05 ` [PATCH 03/21] xfs_scrub_all_fail: reduce security lockdowns to avoid postfix problems Darrick J. Wong
2026-06-04 12:21 ` Andrey Albershteyn
2026-06-04 16:49 ` Darrick J. Wong
2026-06-04 6:05 ` [PATCH 04/21] xfs_scrub_fail: send content headers for xfs_scrub_all failures Darrick J. Wong
2026-06-04 12:23 ` Andrey Albershteyn
2026-06-04 6:05 ` [PATCH 05/21] xfs_scrub: fix uninitialized variable Darrick J. Wong
2026-06-04 12:24 ` Andrey Albershteyn
2026-06-04 6:05 ` [PATCH 06/21] xfs_scrub: fix integer overflows Darrick J. Wong
2026-06-04 12:25 ` Andrey Albershteyn
2026-06-04 6:06 ` [PATCH 07/21] xfs_scrub: don't count internal log space in the data device used count Darrick J. Wong
2026-06-11 8:25 ` Andrey Albershteyn
2026-06-04 6:06 ` [PATCH 08/21] xfs_scrub: widen scrub and repair dependency mask Darrick J. Wong
2026-06-04 12:37 ` Andrey Albershteyn
2026-06-04 6:06 ` [PATCH 09/21] xfs_scrub: fix work estimation for rtgroups filesystems Darrick J. Wong
2026-06-04 13:48 ` Andrey Albershteyn
2026-06-04 6:06 ` [PATCH 10/21] xfs_scrub: don't report media errors in specially-owned areas as file data Darrick J. Wong
2026-06-11 9:14 ` Andrey Albershteyn
2026-06-11 14:05 ` Darrick J. Wong
2026-06-04 6:07 ` [PATCH 11/21] xfs_scrub: return SCRUB_RET_OPERROR if unicode collision detection fails to initialize Darrick J. Wong
2026-06-04 13:55 ` Andrey Albershteyn
2026-06-04 6:07 ` [PATCH 12/21] xfs_scrub: fix nonsense advice after a scrub finds errors Darrick J. Wong
2026-06-04 13:59 ` Andrey Albershteyn
2026-06-04 6:07 ` [PATCH 13/21] xfs_scrub: don't allow NAN as fstrim percentage Darrick J. Wong
2026-06-04 14:03 ` Andrey Albershteyn
2026-06-04 6:07 ` [PATCH 14/21] xfs_scrub: reset bulkstat pointer on retry Darrick J. Wong
2026-06-04 14:09 ` Andrey Albershteyn
2026-06-04 6:08 ` [PATCH 15/21] xfs_scrub: don't return garbage value from bulkstat_the_rest Darrick J. Wong
2026-06-04 14:13 ` Andrey Albershteyn
2026-06-04 6:08 ` [PATCH 16/21] xfs_scrub: don't continue with phase1 if autofsck=none Darrick J. Wong
2026-06-04 14:19 ` Andrey Albershteyn
2026-06-04 6:08 ` [PATCH 17/21] xfs_scrub: don't crash trying to complain about clean health Darrick J. Wong
2026-06-04 14:24 ` Andrey Albershteyn
2026-06-04 6:09 ` [PATCH 18/21] xfs_scrub: fix inverted return value from ptvar_get Darrick J. Wong
2026-06-04 14:28 ` Andrey Albershteyn
2026-06-04 6:09 ` [PATCH 19/21] xfs_scrub: don't obscure repair failures in repair_list_schedule Darrick J. Wong
2026-06-04 15:27 ` Andrey Albershteyn
2026-06-04 6:09 ` [PATCH 20/21] xfs_scrub: bitmap iteration functions must retur Darrick J. Wong
2026-06-04 15:30 ` Andrey Albershteyn
2026-06-04 6:09 ` [PATCH 21/21] xfs_scrub: read verification isn't ok if it hit runtime errors Darrick J. Wong
2026-06-04 15:35 ` Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260604164802.GW6078@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@kernel.org \
--cc=hch@lst.de \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox