> It sounds like a good idea, but cluster filesystems will need to clear
> the flag when they update their in-core inodes. Without that we could
> have:
>
> Node A looks up inode and sets S_NOSEC since it's not suid
> Node B does chmod +s on the inode
> Node A now has S_NOSEC set, but inode is suid, so writes don't clear
> suid

Good point. I assume that's also true for network file systems.
This would essentially argue that for those putting the helper
into the inode read paths is not optional.

I'll look into this later.

> - flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
> + flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC|S_NOSEC);
> + if (!is_sxid(inode->i_mode))
> + flags |= S_NOSEC;

Doesn't that need a check for no xattr too? Or do you not support
those currently?

Note I added a helper for this in the latest version: inode_has_no_xattr()

-Andi
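Review bot: the `flags |= S_NOSEC;` line at the end of the quoted hunk is gated only on `!is_sxid(inode->i_mode)`, so an inode that carries xattrs would still be marked S_NOSEC. Either add the xattr condition alongside the mode check (the reply names `inode_has_no_xattr()` as the helper for this) or state in a comment that this filesystem has no xattr support. The hunk does add S_NOSEC to the clear mask, so the flag is recomputed each time this code runs, but nothing in the visible lines shows that it runs when another node changes the mode. For the chmod +s sequence quoted at the top of the message, the flag update has to be reachable from the path that refreshes the in-core inode, and that is worth a comment at this site.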