public inbox for linux-kernel@vger.kernel.org
From: ebiederm@xmission.com (Eric W. Biederman)
To: Christian Brauner <christian@brauner.io>
Cc: viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org, seth.forshee@canonical.com,
	serge@hallyn.com, containers@lists.linux-foundation.org
Subject: Re: [PATCH] Revert "vfs: Allow userns root to call mknod on owned filesystems."
Date: Thu, 05 Jul 2018 11:48:11 -0500
Message-ID: <87lgapwrw4.fsf@xmission.com>
In-Reply-To: <20180705155120.22102-1-christian@brauner.io> (Christian Brauner's message of "Thu, 5 Jul 2018 17:51:20 +0200")


Nacked-by: "Eric W. Biederman" <ebiederm@xmission.com>

Your description is useless.

It needs to detail exactly what breaks, what regressions and why.
All I see below is hand waving.

We need to know why this does not work so someone does not come in and try
this again.  Or so that someone can fix this and then try again.

You do not include that kind of information in your commit log.

Calling mknod to create device nodes can not be widespread.  There are
not that many privileged processes and calling mknod outside of being
a specialized process like udev is broken.

Therefore I refute your assertion that this is a widespread issue.


I expect somewhere there is a reasonable argument for reverting this
change on the basis that it causes a regression. You have not made it.

Until that time I am going to oppose this revert because your
justification for the revert is lacking.


It has never been the case that mknod on a device node will guarantee
that you even can open the device node.  The applications that regress
are broken.  It doesn't mean we shouldn't be bug compatible, but we darn
well should document very clearly the bugs we are being bug compatible
with.

Eric
