On Sun, 2019-12-01 at 09:04 +0200, Amir Goldstein wrote: > Hi James! > > On Sat, Nov 30, 2019 at 11:21 PM James Bottomley > <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > > In order to prepare for implementing shiftfs as a property changing > > bind mount, the path (which contains the vfsmount) must be threaded > > through everywhere we are going to do either a permission check or > > an > > I am curious how bind/shift mount is expected to handle > inode_permission(). I should be posting the initial patch soon, so you can see. However the principle is pretty simple: at the top of the API you have to install a fsuid/fsgid shifted override credential if the vfsmount is marked for shifting. To make that determination you need the path at all those points, hence this patch. However, anywhere in the stack after this, you can make the determination either by the vfsmount flag or by recognizing the shifted credential. The latter is how I do this in inode_permission > Otherwise, I am fine with the change, short of some style comments > below... OK, will fix for v2. James