On Mon, May 04, 2009 at 06:23:27PM -0400, Theodore Tso wrote:
> On Mon, May 04, 2009 at 02:18:54PM -0700, Joel Becker wrote:
> > More thinking. It looks like we'll restrict reflink() to owners
> > or people with CAP_FCHOWN. This prevents some quota DoS behavior.
> > We need to pre-charge all quota. That means a reflink must be
> > charged the entire size of the file. So, if I do:
> >
> > # dd if=/dev/zero bs=1M count=1 of=foo
> > # reflink foo bar
> >
> > I am now charged 2MB of quota, even though foo and bar share the same
> > 1MB of space.
>
> Yep; but as long as you do this, why do you need CAP_FCHOWN?

Because the ownership doesn't change, and thus the person doing
the reflink is effectively setting ownership.

> Suppose Alice has a 1MB file, and Bob creates a reflink to it. The
> reflink would be owned by Bob, and Bob would be charged the 1MB quota.
> This mirrors exactly what happens if Bob were to make a copy of the
> file, and we want to make the creation of reflink mirror a copy, right?

It's more a link(2). The ownership, permissions, and attributes
are identical to the original.

--

"Always give your best, never get discouraged, never be petty; always
remember, others may hate you. Those who hate you don't win unless
you hate them. And then you destroy yourself."
- Richard M. Nixon

Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker@xxxxxxxxxx
Phone: (650) 506-8127