Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-12 Thread J. Bruce Fields
On Tue, Feb 06, 2007 at 10:37:37AM +, Christoph Hellwig wrote: > On Tue, Feb 06, 2007 at 09:26:14PM +1100, Neil Brown wrote: > > What would be the benefit of having private non-visible vfsmounts? > > Sounds like a recipe for confusion? > > > > It is possible that mountd might start doing bind-

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Andreas Gruenbacher
On Wednesday 07 February 2007 08:25, Jeff Mahoney wrote: > Chris Wright wrote: > > * Andreas Gruenbacher ([EMAIL PROTECTED]) wrote: > >> Reiserfs currently only marks the ".reiserfs_priv" directory as private, > >> but not the files below it -- how about the attached patch to fix that? > > > > I do

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Jeff Mahoney
Chris Wright wrote: > * Andreas Gruenbacher ([EMAIL PROTECTED]) wrote: >> Reiserfs currently only marks the ".reiserfs_priv" directory as private, but >> not the files below it -- how about the attached patch to fix that? > > I don't think that's rig

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Stephen Smalley
On Wed, 2007-02-07 at 07:43 -0800, Chris Wright wrote: > * Andreas Gruenbacher ([EMAIL PROTECTED]) wrote: > > Reiserfs currently only marks the ".reiserfs_priv" directory as private, > > but > > not the files below it -- how about the attached patch to fix that? > > I don't think that's right.

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Chris Wright
* Andreas Gruenbacher ([EMAIL PROTECTED]) wrote: > Reiserfs currently only marks the ".reiserfs_priv" directory as private, but > not the files below it -- how about the attached patch to fix that? I don't think that's right. Look at ->create or ->lookup. Both of those properly set the private

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Christoph Hellwig
On Wed, Feb 07, 2007 at 01:58:15AM -0800, Andreas Gruenbacher wrote: > > It's not actually a pathname we care about, but a vfsmount + dentry > > combo. That one means as much in nfsd as elsewhere. We want nfsd > > to obey r/o or noatime mount flags if /export/foo is exported with them > > but /fo

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Andreas Gruenbacher
On Tuesday 06 February 2007 01:47, Christoph Hellwig wrote: > On Mon, Feb 05, 2007 at 07:20:35PM -0800, Andreas Gruenbacher wrote: > > It's actually not hard to "fix", and nfsd would look a little less weird. > > But what would this add, what do pathnames mean in the context of nfsd, > > and would

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Andreas Gruenbacher
Hi Trond, On Tuesday 06 February 2007 00:51, Trond Myklebust wrote: > > But there is no way to tell different hardlinks to the same inode in the > > same directory from each other (both the file and directory inode are the > > same), and depending on the export options, we may or may not be able t

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Andreas Gruenbacher
On Tuesday 06 February 2007 01:52, Christoph Hellwig wrote: > On Mon, Feb 05, 2007 at 06:13:26PM -0800, Andreas Gruenbacher wrote: > > On Monday 05 February 2007 10:44, Christoph Hellwig wrote: > > > Looking at the actual patches I see you're lazy in a lot of places. > > > Please make sure that whe

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-07 Thread Andreas Gruenbacher
On Tuesday 06 February 2007 04:55, Stephen Smalley wrote: > On Mon, 2007-02-05 at 18:13 -0800, Andreas Gruenbacher wrote: > > Reiserfs should probably just mark all its xattr inodes as private in > > order to play nicely with other lsms. As far as pathname based lsms are > > concerned, pathname

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Tetsuo Handa
Tony Jones wrote: > The following are a set of patches the goal of which is to pass vfsmounts > through select portions of the VFS layer sufficient to be visible to the LSM > inode operation hooks. I was looking forward to these patches for so long. Chris Wright wrote: > This kind of change (or pe

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Stephen Smalley
On Mon, 2007-02-05 at 18:13 -0800, Andreas Gruenbacher wrote: > On Monday 05 February 2007 10:44, Christoph Hellwig wrote: > > Looking at the actual patches I see you're lazy in a lot of places. > > Please make sure that when you introduce a vfsmount argument somewhere > > that it is _always_ passe

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Christoph Hellwig
On Tue, Feb 06, 2007 at 09:26:14PM +1100, Neil Brown wrote: > What would be the benefit of having private non-visible vfsmounts? > Sounds like a recipe for confusion? > > It is possible that mountd might start doing bind-mounts to create the > 'pseudo filesystem' thing for NFSv4, but they would be

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Neil Brown
On Tuesday February 6, [EMAIL PROTECTED] wrote: > On Tue, Feb 06, 2007 at 12:51:52AM -0800, Trond Myklebust wrote: > > Who cares? There is no way to export a partial directory, and in any > > case the subtree_check crap is borken beyond repair (see cross-directory > > renames which lead to actual c

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Neil Brown
On Tuesday February 6, [EMAIL PROTECTED] wrote: > On Mon, Feb 05, 2007 at 07:20:35PM -0800, Andreas Gruenbacher wrote: > > It's actually not hard to "fix", and nfsd would look a little less weird. > > But > > what would this add, what do pathnames mean in the context of nfsd, and > > would > >

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Christoph Hellwig
On Mon, Feb 05, 2007 at 06:13:26PM -0800, Andreas Gruenbacher wrote: > On Monday 05 February 2007 10:44, Christoph Hellwig wrote: > > Looking at the actual patches I see you're lazy in a lot of places. > > Please make sure that when you introduce a vfsmount argument somewhere > > that it is _always

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Christoph Hellwig
On Tue, Feb 06, 2007 at 12:51:52AM -0800, Trond Myklebust wrote: > Who cares? There is no way to export a partial directory, and in any > case the subtree_check crap is borken beyond repair (see cross-directory > renames which lead to actual changes to the filehandle - broken, broken, > broken)

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Christoph Hellwig
On Mon, Feb 05, 2007 at 07:20:35PM -0800, Andreas Gruenbacher wrote: > It's actually not hard to "fix", and nfsd would look a little less weird. But > what would this add, what do pathnames mean in the context of nfsd, and would > nfsd actually become less weird? It's not actually a pathname we

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-06 Thread Trond Myklebust
On Mon, 2007-02-05 at 19:20 -0800, Andreas Gruenbacher wrote: > On Monday 05 February 2007 11:02, Christoph Hellwig wrote: > > On Mon, Feb 05, 2007 at 10:58:26AM -0800, Trond Myklebust wrote: > > > On Mon, 2007-02-05 at 18:44 +, Christoph Hellwig wrote: > > > > Just FYI: Al was very opposed to

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Andreas Gruenbacher
On Monday 05 February 2007 11:02, Christoph Hellwig wrote: > On Mon, Feb 05, 2007 at 10:58:26AM -0800, Trond Myklebust wrote: > > On Mon, 2007-02-05 at 18:44 +, Christoph Hellwig wrote: > > > Just FYI: Al was very opposed to the idea of passing the vfsmount to > > > the vfs_ helpers, so you sh

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Andreas Gruenbacher
On Monday 05 February 2007 11:50, Chris Wright wrote: > This kind of change (or perhaps straight to struct path) is definitely > needed from AA. I tried struct path; in terms of code size it doesn't seem worth it. We could get identical code out of it as if we were passing the dentry and vfsmoun

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Andreas Gruenbacher
On Monday 05 February 2007 10:44, Christoph Hellwig wrote: > Looking at the actual patches I see you're lazy in a lot of places. > Please make sure that when you introduce a vfsmount argument somewhere > that it is _always_ passed and not just when it's convenient. Yes, that's > more work, but the

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Andreas Gruenbacher
On Monday 05 February 2007 10:44, Christoph Hellwig wrote: > Just FYI: Al was very opposed to the idea of passing the vfsmount to > the vfs_ helpers, so you should discuss this with him. The vfs_ helper functions are the ones calling the lsm hooks in many cases. Any lsm that makes pathname based

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Casey Schaufler
--- Chris Wright <[EMAIL PROTECTED]> wrote: > It's not really worth describing, since it's not > acceptable in upstream. > But it basically cycles vfsmnts and looks for > matches to guess which > part of the tree the dentry is in. Yick. Indeed, that would be bad. > This kind of change (or perh

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Chris Wright
* Casey Schaufler ([EMAIL PROTECTED]) wrote: > > They are being posted now as a request for comment. > > Presently the AppArmor > > code - being a user of the LSM interface - does not > > receive the vfsmount > > corresponding to an operation and has to employ > > convoluted and slow mechanisms >

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Arjan van de Ven
> > Would it be possible for you to describe those > methods? Perhaps there is a better way to go > about getting the information you need without > introducing this level of change. the code did a full walk of the vfsmounts to find a match. Entirely horrid! There is no problem with such a medi

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Casey Schaufler
--- Tony Jones <[EMAIL PROTECTED]> wrote: > Introduction > > > The following are a set of patches the goal of which > is to pass vfsmounts > through select portions of the VFS layer sufficient > to be visible to the LSM > inode operation hooks. > > They are being posted now as a

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Chris Wright
* Trond Myklebust ([EMAIL PROTECTED]) wrote: > On Mon, 2007-02-05 at 18:44 +, Christoph Hellwig wrote: > > Just FYI: Al was very opposed to the idea of passing the vfsmount to > > the vfs_ helpers, so you should discuss this with him. > > > > Looking at the actual patches I see you're lazy in

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Christoph Hellwig
On Mon, Feb 05, 2007 at 10:58:26AM -0800, Trond Myklebust wrote: > On Mon, 2007-02-05 at 18:44 +, Christoph Hellwig wrote: > > Just FYI: Al was very opposed to the idea of passing the vfsmount to > > the vfs_ helpers, so you should discuss this with him. > > > > Looking at the actual patches

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Trond Myklebust
On Mon, 2007-02-05 at 18:44 +, Christoph Hellwig wrote: > Just FYI: Al was very opposed to the idea of passing the vfsmount to > the vfs_ helpers, so you should discuss this with him. > > Looking at the actual patches I see you're lazy in a lot of places. > Please make sure that when you intr

Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Christoph Hellwig
Just FYI: Al was very opposed to the idea of passing the vfsmount to the vfs_ helpers, so you should discuss this with him. Looking at the actual patches I see you're lazy in a lot of places. Please make sure that when you introduce a vfsmount argument somewhere that it is _always_ passed and not

[RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

2007-02-05 Thread Tony Jones
Introduction The following are a set of patches the goal of which is to pass vfsmounts through select portions of the VFS layer sufficient to be visible to the LSM inode operation hooks. They are being posted now as a request for comment. Presently the AppArmor code - being a user o