Colin Cross wrote: > On Mon, Jun 24, 2013 at 4:48 AM, Christoph Hellwig <hch@xxxxxxxxxxxxx> > wrote: >> On Sat, Jun 22, 2013 at 12:47:29PM -0700, Alex Elsayed wrote: >>> Couldn't this be done by having a root-only tmpfs, and having a >>> userspace component that creates per-app directories with restrictive >>> permissions on startup/app install? Then each app creates files in its >>> own directory, and can pass the fds around. > > If each app gets its own writable directory that's not really > different than a world writable tmpfs. It requires something that > watches for apps to exit for any reason and cleans up their > directories, and it requires each app to come up with an unused name > when it wants to create a file, and the kernel can give you both very > cleanly. Not so far as I can tell. I'm thinking specifically in the Android model of 'one user per app', and as I see it the issues with a world writable tmpfs would be: 1.) Race conditions and all the sticky bit bugs of history - app A tries to create file foo, but app C is doing the same. This is resolved with per-app directories and restrictive permissions. 2.) Resource exhaustion - implementing this for a mmap'ed device node as described in HCH's mail would amount to implementing some sort of quota support. A world-writable tmpfs would require user quotas. A dir-per-app tmpfs could mount a separate, limited tmpfs on each even in the absence of user quotas, and mount -o remount,size=$foo works to change those limits (within certain bounds of behavior). 3.) Cleanup - doing this with a device makes it simple, yes; once the FDs are closed the mapping goes away. But if the only way the mapping gets shared is via FD passing, and your users are all via a platform library, unlink() after open(O_CREAT) would get you the same behavior as I understand it. At that point, the only thing to clean up is the per-app directory itself, which can be done on app uninstall IIUC. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>