On Mon, May 04, 2009 at 12:59:39PM -0400, Stephen Smalley wrote: > On Tue, 2009-05-05 at 01:35 +1000, James Morris wrote: > > What's fundamentally different, though, that the process would only be > > able to then modify the data in a subsequent syscall? > > Since the data doesn't flow through the process at all, it can neither > be leaked nor modified by the process. Whereas normally the data would > be copied into the memory of the process (and potentially leaked > elsewhere) and the process could write any arbitrary data it liked to > the new file. As a result, one might be willing to allow reflink(2) in > situations where one would not be willing to allow a userspace file > copy. Oh, that's a good point. A process using reflink(2) to make a snapshot can do the snap but not modify. That's neat. Joel -- Life's Little Instruction Book #237 "Seek out the good in people." Joel Becker Principal Software Developer Oracle E-mail: joel.becker@xxxxxxxxxx Phone: (650) 506-8127 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
