On Monday 16 April 2007 18:45, Christoph Hellwig wrote: > You should provide intent information, yes - which your patch didn't :) Well, the information implicitly provided is "no intent": In do_create() in ipc/mqueue.c intents would be pretty pointless because the mqueue filesystem is local. In fs/nfsd/vfs.c, intents would make slightly more sense assuming that the underlying filesystem eported via nfsd is remote. That's an optimization, and not even a very important one. > (Which btw, I expect to cause quite a few problems for apparmor or other > lsms, but I guess so far no one has tried them on NFSv4) Pathname wise, NFSv4 should look like any other filesystem on the client side. On the Server side, the concept of pathnames doesn't really fly for nfs: if a directory contains more than one link to the same file, there is no way to tell those aliases from each other from the file descriptor. In addition, computing even the somewhat ambiguous pathnames that can be computed would require subtree checking. But trying to confine nfsd is pretty pointless anyway: the deamon is privileged and can do whatever it wants. It makes more sense to export the right directories with the right permissions in the first place. Thanks, Andreas - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html