On Fri, Nov 06, 2020 at 02:55:11PM +0100, Miklos Szeredi wrote: > On Fri, Oct 9, 2020 at 8:16 PM Vivek Goyal <vgoyal@xxxxxxxxxx> wrote: > > > > With FUSE_HANDLE_KILLPRIV_V2 support, server will need to kill > > suid/sgid/security.capability on open(O_TRUNC), if server supports > > FUSE_ATOMIC_O_TRUNC. > > > > But server needs to kill suid/sgid only if caller does not have > > CAP_FSETID. Given server does not have this information, client > > needs to send this info to server. > > > > So add a flag FUSE_OPEN_KILL_PRIV to fuse_open_in request which tells > > server to kill suid/sgid(only if group execute is set). > > This is needed for FUSE_CREATE as well (which may act as a normal open > in case the file exists, and no O_EXCL was specified), right? Hi Miklos, IIUC, In current code we seem to use FUSE_CREATE only if file does not exist. If file exists, then we probably will take FUSE_OPEN path. Are you concerned about future proofing where somebody decides to use FUSE_CREATE for create + open on a file which exists. If yes, I agree that patching FUSE_CREATE makes sense. > > I can edit the patch, if you agree. Please do. Thanks Vivek
