From: Johannes Berg <johannes@sipsolutions.net>
To: Jamal Hadi Salim <jhs@mojatatu.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
Michal Kubecek <mkubecek@suse.cz>
Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org, jbenc@redhat.com
Subject: Re: [PATCH 1/2] netlink: add NLA_REJECT policy type
Date: Tue, 18 Sep 2018 14:57:21 +0200 [thread overview]
Message-ID: <1537275441.2957.26.camel@sipsolutions.net> (raw)
In-Reply-To: <26dd9a66-9515-93aa-e21f-51c37db6be2c@mojatatu.com> (sfid-20180918_145515_710821_B5A2C6C9)
On Tue, 2018-09-18 at 08:55 -0400, Jamal Hadi Salim wrote:
> Execute permission kind of thing? i.e if i understood you correctly
> if acl is "rwx" then attribute can only be written to (or read from) if
> the "thing executing" is complete
But it's not an attribute that you're executing, it's some kind of
command, and then you get the return value of that command in that
attribute?
Say you want to scan for wifi networks - you trigger a scan, later you
get a notification giving you some data about the scan (let's say the
time it took) - there's no way you can set that time attribute.
(NB: it doesn't work this way, we don't have that attribute now, but I
didn't want to pick a more complicated example)
> > What would the practical difference be though? Hopefully you wouldn't
> > have write-only attributes, and then NLA_REJECT is basically equivalent?
> >
>
> If ACL says "-w-" then reading should get explicit permission denied
> code possibly with an extack which is more descriptive that reading
> is not allowed.
Perhaps. But NLA_REJECT comes with an extack string to tell you, so ...
I dunno. I think we already bloated the policies too much by including
the validation_data pointer, and would hate to add more to that :-)
johannes
next prev parent reply other threads:[~2018-09-18 18:30 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-13 8:46 [PATCH 1/2] netlink: add NLA_REJECT policy type Johannes Berg
2018-09-13 8:46 ` [PATCH 2/2] netlink: add ethernet address policy types Johannes Berg
[not found] ` <20180913084603.7979-2-johannes-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>
2018-09-13 11:58 ` Michal Kubecek
2018-09-13 12:02 ` Johannes Berg
2018-09-13 12:12 ` Michal Kubecek
2018-09-13 12:16 ` Johannes Berg
[not found] ` <1536840966.4160.6.camel-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>
2018-09-13 12:24 ` Michal Kubecek
[not found] ` <20180913122412.GI29691-OEaqT8BN2ewCVLCxKZUutA@public.gmane.org>
2018-09-13 12:46 ` Johannes Berg
2018-09-13 16:03 ` Michal Kubecek
2018-09-13 19:41 ` Marcelo Ricardo Leitner
2018-09-13 20:39 ` Michal Kubecek
2018-09-17 7:45 ` Johannes Berg
2018-09-13 10:49 ` [PATCH 1/2] netlink: add NLA_REJECT policy type Michal Kubecek
[not found] ` <20180913104955.GE29691-OEaqT8BN2ewCVLCxKZUutA@public.gmane.org>
2018-09-13 11:25 ` Johannes Berg
2018-09-13 12:05 ` Michal Kubecek
2018-09-13 19:20 ` Marcelo Ricardo Leitner
2018-09-13 20:43 ` Michal Kubecek
2018-09-13 19:30 ` Marcelo Ricardo Leitner
2018-09-13 21:27 ` Michal Kubecek
2018-09-13 21:58 ` Marcelo Ricardo Leitner
[not found] ` <20180913215839.GI27095-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2018-09-17 9:38 ` Johannes Berg
2018-09-17 20:17 ` Marcelo Ricardo Leitner
[not found] ` <1537177132.2957.6.camel-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>
2018-09-18 12:34 ` Jamal Hadi Salim
2018-09-18 12:39 ` Johannes Berg
2018-09-18 12:55 ` Jamal Hadi Salim
2018-09-18 12:57 ` Johannes Berg [this message]
2018-09-18 13:12 ` Jamal Hadi Salim
2018-09-18 16:42 ` Johannes Berg
2018-09-13 22:59 ` David Miller
[not found] ` <20180913.155934.742447935316828936.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2018-09-17 9:39 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1537275441.2957.26.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=jbenc@redhat.com \
--cc=jhs@mojatatu.com \
--cc=linux-wireless@vger.kernel.org \
--cc=marcelo.leitner@gmail.com \
--cc=mkubecek@suse.cz \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).