[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87mv004p0t.fsf@xmission.com>
Date: Thu, 22 Feb 2018 16:50:58 -0600
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Miklos Szeredi <mszeredi@...hat.com>
Cc: lkml <linux-kernel@...r.kernel.org>,
Linux Containers <containers@...ts.linux-foundation.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Alban Crequy <alban@...volk.io>,
Seth Forshee <seth.forshee@...onical.com>,
Sargun Dhillon <sargun@...gun.me>,
Dongsu Park <dongsu@...volk.io>,
"Serge E. Hallyn" <serge@...lyn.com>
Subject: Re: [PATCH v6 4/5] fuse: Ensure posix acls are translated outside of init_user_ns
ebiederm@...ssion.com (Eric W. Biederman) writes:
> Miklos Szeredi <mszeredi@...hat.com> writes:
>
>> On Wed, Feb 21, 2018 at 9:29 PM, Eric W. Biederman
>> <ebiederm@...ssion.com> wrote:
>>> Ensure the translation happens by failing to read or write
>>> posix acls when the filesystem has not indicated it supports
>>> posix acls.
>>
>> For the first iteration this is fine, but we could convert the raw
>> xattrs as well, if we later want to, right?
>
> I will say maybe. This is tricky. The code would not be too hard,
> and the function to do the work posix_acl_fix_xattr_userns already
> exists in fs/posix_acl.c
>
> I don't actually expect that to work longterm. I expect the direction
> the kernel internals are moving is that all filesystems that implement
> posix acls will be expected to implement .get_acl and .set_acl.
>
> I would have to reread the old thread that got us to this point with
> posix acls before I could really understand the backwards compatible
> fuse use case, and I would have to reread the rest of the acl processing
> in the kernel before I could recall exactly what makes sense.
>
> If there was an obvious way to whitelist xattrs that fuse can support
> for user namespaces I think I would go for that. Just to avoid future
> problems with future xattrs.
I am remembering why this is such a sticky issue.
Today when a posix acl is read from user space the code does:
posix_acl_to_xattr(&init_user_ns, ...) in posix_acl_xattr_get
posix_acl_fix_xattr_to_user() in getxattr
Similary when a posix acl is written from user space the code does:
posix_acl_fix_xattr_from_user() in setxattr
posix_acl_from_xattr(&init_user_us, ...) in posix_acl_xattr_set
If every posix acl supporting filesystem in the kernel would use
posix_acl_access_xattr_handler and posix_acl_default_xattr_handler the
function posix_acl_fix_xattr_to_user and posix_acl_fix_xattr_from_user
and posix_acl_fix_xattr_userns could all be removed and the posix acl
handling could be that little bit simpler and faster.
So if we could figure out how to use the generic acl support for the old
brand of fuse filesystems that don't set FUSE_POSIX_ACL it would be much
easier to support them long term.
Eric
Powered by blists - more mailing lists