On Tue, 06 Jan 2009, Tetsuo Handa wrote: > Al, thank you very much for processing security_path_*() patch. > Now James is reviewing our patch and he suggested > following parts need your acknowledgments. > Will you review and ACK for introducing a variant of d_path()? > > -------------------- > Subject: Introduce d_realpath(). > > To remove factors that make pathname based access control difficult > (e.g. symbolic links, "..", "//", chroot() etc.), a variant of d_path() > which traverses up to the root of the namespace is needed. > > This patch introduces d_realpath(), a variant of d_path(). > While d_path() stops traversing at current->fs->root, > d_realpath() doesn't stop traversiong at current->fs->root. > > Three differences compared to d_path(). > (1) Ignores current process's root directory. I'd suggest calling __d_path() and passing in the namespace root instead of the process root. That would be a lot simpler and result in less code duplication. > (2) Trailing '/' is added if the pathname refers to a directory. Caller can do this. > (3) /proc/PID/ is represented as /proc/self/ if PID equals current->tgid. This too. Such hacks really don't belong in generic VFS functions. Thanks, Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
