From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from relay.sgi.com (relay3.corp.sgi.com [198.149.34.15]) by oss.sgi.com (Postfix) with ESMTP id 88DE77F50 for ; Mon, 19 Oct 2015 08:16:59 -0500 (CDT) Received: from cuda.sgi.com (cuda3.sgi.com [192.48.176.15]) by relay3.corp.sgi.com (Postfix) with ESMTP id DCEBCAC002 for ; Mon, 19 Oct 2015 06:16:58 -0700 (PDT) Received: from mail-ig0-f178.google.com (mail-ig0-f178.google.com [209.85.213.178]) by cuda.sgi.com with ESMTP id 2U0HOTxSW8g6qlXx (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Mon, 19 Oct 2015 06:16:54 -0700 (PDT) Received: by igbdj2 with SMTP id dj2so56440263igb.1 for ; Mon, 19 Oct 2015 06:16:54 -0700 (PDT) Subject: Re: [PATCH v11 21/48] ext4: Add richacl feature flag References: <1445008706-15115-1-git-send-email-agruenba@redhat.com> <1445008706-15115-22-git-send-email-agruenba@redhat.com> <5621346E.5000500@gmail.com> From: Austin S Hemmelgarn Message-ID: <5624ED40.7040206@gmail.com> Date: Mon, 19 Oct 2015 09:16:48 -0400 MIME-Version: 1.0 In-Reply-To: List-Id: XFS Filesystem from SGI List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============8005895632932449935==" Errors-To: xfs-bounces@oss.sgi.com Sender: xfs-bounces@oss.sgi.com To: Andreas Gruenbacher Cc: linux-cifs@vger.kernel.org, Linux NFS Mailing List , Theodore Ts'o , Linux API , Trond Myklebust , LKML , xfs@oss.sgi.com, "J. Bruce Fields" , Andreas Dilger , Alexander Viro , linux-fsdevel , Jeff Layton , linux-ext4 , Anna Schumaker , "Aneesh Kumar K.V" This is a cryptographically signed message in MIME format. --===============8005895632932449935== Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms030800000600070409050505" This is a cryptographically signed message in MIME format. --------------ms030800000600070409050505 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable On 2015-10-16 13:41, Andreas Gruenbacher wrote: > On Fri, Oct 16, 2015 at 7:31 PM, Austin S Hemmelgarn > wrote: >> I would like to re-iterate, on both XFS and ext4, I _really_ think thi= s >> should be a ro_compat flag, and not an incompat one. If a person has = the >> ability to mount the FS (even if it's a read-only mount), then they by= >> definition have read access to the file or partition that the filesyst= em is >> contained in, which means that any ACL's stored on the filesystem are >> functionally irrelevant, > > It is unfortunately not safe to make such a file system accessible to > other users, so the feature is not strictly read-only compatible. > OK, seeing as I wasn't particularly clear as to why I object to this in=20 my other e-mail, let's try this again. Can you please explain exactly why it isn't safe to make such a=20 filesystem accessible to other users? Because that _really_ sounds to=20 me like you are trying to rely on this being un-mountable on a kernel=20 that doesn't support richacls to try and provide the illusion of better=20 security. --------------ms030800000600070409050505 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC Brgwgga0MIIEnKADAgECAgMRLfgwDQYJKoZIhvcNAQENBQAweTEQMA4GA1UEChMHUm9vdCBD QTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNp Z25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcN MTUwOTIxMTEzNTEzWhcNMTYwMzE5MTEzNTEzWjBjMRgwFgYDVQQDEw9DQWNlcnQgV29UIFVz ZXIxIzAhBgkqhkiG9w0BCQEWFGFoZmVycm9pbjdAZ21haWwuY29tMSIwIAYJKoZIhvcNAQkB FhNhaGVtbWVsZ0BvaGlvZ3QuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA nQ/81tq0QBQi5w316VsVNfjg6kVVIMx760TuwA1MUaNQgQ3NyUl+UyFtjhpkNwwChjgAqfGd LIMTHAdObcwGfzO5uI2o1a8MHVQna8FRsU3QGouysIOGQlX8jFYXMKPEdnlt0GoQcd+BtESr pivbGWUEkPs1CwM6WOrs+09bAJP3qzKIr0VxervFrzrC5Dg9Rf18r9WXHElBuWHg4GYHNJ2V Ab8iKc10h44FnqxZK8RDN8ts/xX93i9bIBmHnFfyNRfiOUtNVeynJbf6kVtdHP+CRBkXCNRZ qyQT7gbTGD24P92PS2UTmDfplSBcWcTn65o3xWfesbf02jF6PL3BCrVnDRI4RgYxG3zFBJuG qvMoEODLhHKSXPAyQhwZINigZNdw5G1NqjXqUw+lIqdQvoPijK9J3eijiakh9u2bjWOMaleI SMRR6XsdM2O5qun1dqOrCgRkM0XSNtBQ2JjY7CycIx+qifJWsRaYWZz0aQU4ZrtAI7gVhO9h pyNaAGjvm7PdjEBiXq57e4QcgpwzvNlv8pG1c/hnt0msfDWNJtl3b6elhQ2Pz4w/QnWifZ8E BrFEmjeeJa2dqjE3giPVWrsH+lOvQQONsYJOuVb8b0zao4vrWeGmW2q2e3pdv0Axzm/60cJQ haZUv8+JdX9ZzqxOm5w5eUQSclt84u+D+hsCAwEAAaOCAVkwggFVMAwGA1UdEwEB/wQCMAAw VgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBo ZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMA4GA1UdDwEB/wQEAwIDqDBABgNV HSUEOTA3BggrBgEFBQcDBAYIKwYBBQUHAwIGCisGAQQBgjcKAwQGCisGAQQBgjcKAwMGCWCG SAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy dC5vcmcwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5jYWNlcnQub3JnL3Jldm9rZS5j cmwwNAYDVR0RBC0wK4EUYWhmZXJyb2luN0BnbWFpbC5jb22BE2FoZW1tZWxnQG9oaW9ndC5j b20wDQYJKoZIhvcNAQENBQADggIBADMnxtSLiIunh/TQcjnRdf63yf2D8jMtYUm4yDoCF++J jCXbPQBGrpCEHztlNSGIkF3PH7ohKZvlqF4XePWxpY9dkr/pNyCF1PRkwxUURqvuHXbu8Lwn 8D3U2HeOEU3KmrfEo65DcbanJCMTTW7+mU9lZICPP7ZA9/zB+L0Gm1UNFZ6AU50N/86vjQfY WgkCd6dZD4rQ5y8L+d/lRbJW7ZGEQw1bSFVTRpkxxDTOwXH4/GpQfnfqTAtQuJ1CsKT12e+H NSD/RUWGTr289dA3P4nunBlz7qfvKamxPymHeBEUcuICKkL9/OZrnuYnGROFwcdvfjGE5iLB kjp/ttrY4aaVW5EsLASNgiRmA6mbgEAMlw3RwVx0sVelbiIAJg9Twzk4Ct6U9uBKiJ8S0sS2 8RCSyTmCRhJs0vvva5W9QUFGmp5kyFQEoSfBRJlbZfGX2ehI2Hi3U2/PMUm2ONuQG1E+a0AP u7I0NJc/Xil7rqR0gdbfkbWp0a+8dAvaM6J00aIcNo+HkcQkUgtfrw+C2Oyl3q8IjivGXZqT 5UdGUb2KujLjqjG91Dun3/RJ/qgQlotH7WkVBs7YJVTCxfkdN36rToPcnMYOI30FWa0Q06gn F6gUv9/mo6riv3A5bem/BdbgaJoPnWQD9D8wSyci9G4LKC+HQAMdLmGoeZfpJzKHMYIE0TCC BM0CAQEwgYAweTEQMA4GA1UEChMHUm9vdCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNl cnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcN AQkBFhJzdXBwb3J0QGNhY2VydC5vcmcCAxEt+DANBglghkgBZQMEAgMFAKCCAiEwGAYJKoZI hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUxMDE5MTMxNjQ4WjBPBgkq hkiG9w0BCQQxQgRARV6FVy8ON7WyTnhIiAHOwTSFhz3p0KC2fGHMjP9x8EYihIRJXwV8A1lr GKCnA11haUrftMPG6T6MwJvROKcnzTBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjAL BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFA MAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGRBgkrBgEEAYI3EAQxgYMwgYAweTEQMA4GA1UE ChMHUm9vdCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlD QSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy dC5vcmcCAxEt+DCBkwYLKoZIhvcNAQkQAgsxgYOggYAweTEQMA4GA1UEChMHUm9vdCBDQTEe MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25p bmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcCAxEt+DAN BgkqhkiG9w0BAQEFAASCAgBySybJn5n6gL1K0NqULeU/N3XCZxSHe8Q2IUD71ZuiWCXoVYzF dCdkwFqrmkO3nLrEZzdCg01rP/UqG5V5vFs3pO9REX2eEIZmw29HFZ6zryN+iKDKAhQ9EX+E S13Pw6AZWZayWowqKp3hFBFGgpGpyXy852bB4AlifgWRZb0SErGY0K+DrnCMZazDUq4/FEHi lZ180OX35bqdEwAXXyWbZ2qdXXJun1NUsLdoIc/3mkGVwqec4kKoa2cTgKYJq5IQ+MHEfy65 WxZVQW8v3Ul3QFZjkSL5d5qCYgn9Ol9GbBURPHd1NBkJq/w1xl9pIPIohikul8cY6whYx3LE dPYnjSyrHlU0CLgkIDsEZWSqEVxnipMTP9cxf9hZJNfY3D6mY7bLeyvLauKLoA/De3IAee4Q KUVF9joGIMiSy8gifPODhPgmq2uWxCkBzK/sW56NUYcl0qvFOPx/DeaYSqijwTe6fuGPISw7 RfIDZ9Mx9TEN0+UvFviq9F2I8PzIL0TdfQ3bS7/2YZrx7k131m6tShSnejdHEy8rHrg27m0R bcolCOOErNVGc8DcsZt90M9Y248sEgr9mD0jboWY8nY064/eyZwFZZwwT1yWg+MeQQ1ojOjl lTQXu/NdFls9aKK6wY+WpoyeFZX5cnfBtHAn1fvo4PG0b9AM+SHGLUTvBAAAAAAAAA== --------------ms030800000600070409050505-- --===============8005895632932449935== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ xfs mailing list xfs@oss.sgi.com http://oss.sgi.com/mailman/listinfo/xfs --===============8005895632932449935==--