On Fri, Mar 04, 2016 at 10:10:50AM +1100, Dave Chinner wrote: > You can tempt all you want, but it does not change the basic fact > that it is dangerous and compromises system security. As such, it > does not belong in upstream kernels. Especially in this day and age > where ensuring the fundamental integrity of our systems is more > important than ever. The fact of the matter is as there are more user-space servers for cluster file systems which are trusted to do the right thing, and are considered inside the TCB, the demand for this is going to strong. We do actually use a group id to provide access control to what is admittedly a dangerous feature, so it's not available for all userspace callers, and we didn't want the file server to run as root. But I'll let the Ceph folks advocate internally for such a feature to be shipped in RHEL if they feel strongly about it, and if later one we want to come to an agreement about a better access control mechanism than membership in a privileged group id passed in as a mount option, I'm not wedded to that facility. I didn't think it was worth cracking open a new capability bit, but if we want to go down that route, or some other route to provide the appropriate security controls, we should definitely talk about it. Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
