On Tue, Mar 30, 2021 at 2:17 PM Christian Brauner
<christian.brauner@xxxxxxxxxx> wrote:
> The only thing that is a bit unpleasant here is that this change
> breaks the consistency between the creation helpers:
>
> do_mkdirat()
> do_symlinkat()
> do_linkat()
> do_mknodat()
>
> All but of them currently take
> const char __user *pathname
> and call
> user_path_create()
> with that do_mkdirat() change that's no longer true. One of the major
> benefits over the recent years in this code is naming and type consistency.
> And since it's just matter of time until io_uring will also gain support
> for do_{symlinkat,linkat,mknodat} I would think switching all of them to
> take a struct filename
> and then have all do_* helpers call getname() might just be nicer in the
> long run.
So, I've finally got some time to look into this. do_mknodat() and
do_symlinkat() are easy. But do_linkat() is more complicated, I could use some
hints as to what's the reasonable way to implement the change.
The problem is linkat() requires CAP_DAC_READ_SEARCH capability if AT_EMPTY_PATH
flag is passed. Right now do_linkat checks the capability before calling
getname_flags (essentially). If do_linkat is changed to accept struct filename
then there is no bulletproof way to force CAP_DAC_READ_SEARCH presence (e.g. if
for whatever reason AT_EMPTY_PATH is not in flags passed to do_linkat). Also, it
means that the caller is responsible to process AT_EMPTY_PATH in the first
place, which means logic duplication.
Any ideas what's the best way to approach this?
Thanks.
--
Dmitry Kadashev
