Re: [PATCH 00/16] Permit filesystem local caching [try #3]

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: David Howells <dhowells@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: dhowells@redhat.com, casey@schaufler-ca.com, torvalds@osdl.org,
	akpm@osdl.org, steved@redhat.com, trond.myklebust@fys.uio.no,
	linux-fsdevel@vger.kernel.org, linux-cachefs@redhat.com,
	nfsv4@linux-nfs.org, linux-kernel@vger.kernel.org,
	selinux@tycho.nsa.gov,
	LSM List <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 00/16] Permit filesystem local caching [try #3]
Date: Mon, 13 Aug 2007 16:22:06 +0100	[thread overview]
Message-ID: <10228.1187018526@redhat.com> (raw)
In-Reply-To: <1187017052.26008.51.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley <sds@tycho.nsa.gov> wrote:

> Seems like over-design - we don't need to support LSM stacking, and we
> don't need to support pushing/popping more than one level of context.

It will, at some point hopefully, be possible for someone to try, say, NFS
exporting a cached ISO9660 mount (CDROM) - in which case, we'd should allow
for two levels of stack.  If we can pass the displaced context to the caller
to restore later then that allows for more or less unlimited depth.

It occurs to me that the following is almost good enough, but not quite:

  (1) int security_get_context(void **_context);

	This allocates and gives the caller a blob that describes the current
	context of all the LSM module states attached to the current task and
	stores a pointer to it in *_context.

  (2) int security_push(void *context, struct sec **_old_context)

	This causes all the LSM modules on the current task to switch to a new
	acting state, passing back the old state.  It does not change how
	other tasks do things to this one.

  (3) int security_pop(void *context)

	This causes all the LSM modules on the current task to switch to a new
	acting state, deleting the old state.  It does not change how
	other tasks do things to this one.

  (4) int security_delete_context(void *context)

I still need a way to transform the cachefilesd context into the kernel's
context.  See patch:

   Subject: [Linux-cachefs] [PATCH 12/16] CacheFiles: Get the SID under which
	the CacheFiles module should operate [try #3]

However, this seems to add a fairly generic tranformation, so that could be
generalised:

  (5) int security_xfrm_to_kernel_context(void *from, void **_to);

> What was the objection again to the original interface, aside from
> replacing "u32 secids" with "void* security blobs"?

I got the impression that Casey thought much of this was tied to SELinux, but
rereading his/her emails, I'm not so certain.  Maybe that's sufficient.  Casey?

However, I've realised a problem (as outlined above) with what I've got.
Namely its stack isn't necessarily deep enough.  Alternatively, nfsd perhaps
should suppress caching on what it reads.

David

next prev parent reply	other threads:[~2007-08-13 16:27 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-08-10 16:04 [PATCH 00/16] Permit filesystem local caching [try #3] David Howells
2007-08-10 16:05 ` [PATCH 01/16] FS-Cache: Release page->private after failed readahead " David Howells
2007-08-10 16:05 ` [PATCH 02/16] FS-Cache: Recruit a couple of page flags for cache management " David Howells
2007-08-10 16:05 ` [PATCH 03/16] FS-Cache: Provide an add_wait_queue_tail() function " David Howells
2007-08-10 16:05 ` [PATCH 04/16] FS-Cache: Generic filesystem caching facility " David Howells
2007-08-10 16:05 ` [PATCH 05/16] CacheFiles: Add missing copy_page export for ia64 " David Howells
2007-08-10 16:05 ` [PATCH 06/16] CacheFiles: Add a hook to write a single page of data to an inode " David Howells
2007-08-10 16:05 ` [PATCH 07/16] CacheFiles: Permit the page lock state to be monitored " David Howells
2007-08-10 16:05 ` [PATCH 08/16] CacheFiles: Export things for CacheFiles " David Howells
2007-08-10 16:05 ` [PATCH 09/16] CacheFiles: Permit a process's create SID to be overridden " David Howells
2007-08-10 16:52   ` Casey Schaufler
2007-08-10 16:05 ` [PATCH 10/16] CacheFiles: Add an act-as SID override in task_security_struct " David Howells
2007-08-10 16:05 ` [PATCH 11/16] CacheFiles: Permit an inode's security ID to be obtained " David Howells
2007-08-10 16:05 ` [PATCH 12/16] CacheFiles: Get the SID under which the CacheFiles module should operate " David Howells
2007-08-10 16:06 ` [PATCH 13/16] CacheFiles: A cache that backs onto a mounted filesystem " David Howells
2007-08-10 16:06 ` [PATCH 14/16] NFS: Use local caching " David Howells
2007-08-10 16:06 ` [PATCH 15/16] NFS: Configuration and mount option changes to enable local caching on NFS " David Howells
2007-08-10 16:06 ` [PATCH 16/16] NFS: Display local caching state " David Howells
2007-08-10 22:13 ` [PATCH 00/16] Permit filesystem local caching " Casey Schaufler
2007-08-11  8:41   ` David Howells
2007-08-11 15:56     ` Casey Schaufler
2007-08-13 10:54       ` David Howells
2007-08-13 13:46         ` Casey Schaufler
2007-08-13 14:51           ` David Howells
2007-08-13 14:57             ` Stephen Smalley
2007-08-13 15:22               ` David Howells [this message]
2007-08-13 16:20                 ` Casey Schaufler
2007-08-13 16:31                   ` David Howells
2007-08-13 16:58                     ` Casey Schaufler
2007-08-13 19:52                       ` David Howells
2007-08-13 21:44                         ` Casey Schaufler
2007-08-14  9:39                           ` David Howells
2007-08-14 15:53                             ` Casey Schaufler
2007-08-14 17:42                               ` Stephen Smalley
2007-08-15 16:30                                 ` Casey Schaufler
2007-08-14 17:58                               ` David Howells
2007-08-14 17:50                           ` Stephen Smalley
2007-08-13 15:42               ` Casey Schaufler
2007-08-13 13:50         ` Stephen Smalley
2007-08-13 15:10           ` Casey Schaufler
2007-08-13 13:01       ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=10228.1187018526@redhat.com \
    --to=dhowells@redhat.com \
    --cc=akpm@osdl.org \
    --cc=casey@schaufler-ca.com \
    --cc=linux-cachefs@redhat.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=nfsv4@linux-nfs.org \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    --cc=steved@redhat.com \
    --cc=torvalds@osdl.org \
    --cc=trond.myklebust@fys.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).