Re: [Lsf-pc] [LSF/MM ATTEND] Richacls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/13/2015 10:31 PM, Jan Kara wrote:

On Tue 13-01-15 16:16:13, J. Bruce Fields wrote:

On Tue, Jan 13, 2015 at 10:04:40PM +0100, Jan Kara wrote:

On Tue 13-01-15 12:40:29, J. Bruce Fields wrote:

If we modified the behavior to permit O_RDWR in this case, would that
cause anyone a problem?

   As others noted, this changes user visible behavior and I don't think we
can do that. In the discussion about user namespaces, we for example
specifically disallowed unpriviledged process to drop some group membership
exactly because it can actually result in process suddently being able to
access some files and reportedly there are setups which are using group
membership to *restrict* access.


Right, but look at the case above carefully again--it's *much* more
special than the one the container people hit.

You can absolutely still represent weird modes like 026 with a Richacl
and it will deny permissions in the traditional way.

   Ah, OK. You are right that Rich ACLs can express the use of a group to
restrict permissions.


Using the usual "if a tree fell in a forest and nobody heard it..."
criterion, I think this change would be unlikely to cause us trouble.

   On a second thought I agree.
I really don't think that changing the existing POSIX ACL behavior is an option here, or that representing POSIX ACLs as richacls internally makes a lot of sense. We'll be much better off having both models side by side.
Converting existing POSIX ACLs into richacls, for example for converting an entire file system, possibly offline, is relatively simple and straight forward -- and will be needed -- with the caveat that permissions will then start to accumulate.
Converting richacls into POSIX ACLs may occasionally be needed when migrating something back as well, but this operation is lossy in general, likely slow, there could be different policies like failing or dropping permissions when something cannot be represented exactly. By representing POSIX ACLs as richacls internally, that more complicated conversion would be needed all the time, even in the kernel, though. 

Thanks,
Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux