On Thu, 14 Dec 2023 at 05:40, Donald Russell <russell....@gmail.com> wrote:

>
> Thanks Rob,
> Since >SFS uses a private work unit by default, doesn’t that mean it gets a
> new work unit before connecting to the sfs server? Diag d4 is done before
> the pipe command, so I’m expecting the new connection to appear to initiate
> from the altuser id.
>

And that means you specify the file such that the nose driver knows to use
>sfs and not go through the mini disk simulation on accessed SFS
directories...

>
> Am I misunderstanding what PIPE AHELP >SFS is telling me? What
> does”PRIVATE” mean in this context?
>

It means >sfs allocates a work unit specifically for that file, so nothing
else in the virtual machine observes the effect until the stage ends.

I know CMS caches persistent IUCV connections to the SFS server. I don't
recall playing with  D4 like this. I don't know whether CMS keeps track of
the identity while the IUCV connection was established, and knows to expire
that when things change.
You normally do the D4 very early in the life of the virtual machine, so
you can reason about the possible leakage of data between the  two
identities. I know from experience that once you try to aggregate rights
from different identities, things get very complicated. You could for
example link to a disk as user A and then identify as B and link another
disk. When you then run an application associated with A, you do that with
the privilege of user B.

Rob

Reply via email to