Date: Fri, 11 Mar 2016 13:59:52 +0000
From: One Thousand Gnomes
To: Ric Wheeler
Cc: Linus Torvalds, Theodore Ts'o, Gregory Farnum, Dave Chinner, Martin K. Petersen, Christoph Hellwig, Darrick J. Wong, Jens Axboe, Andrew Morton, Linux API, Linux Kernel Mailing List, shane.seymour@hpe.com, Bruce Fields, linux-fsdevel, Jeff Layton, Eric Sandeen
Subject: Re: [PATCH 2/2] block: create ioctl to discard-or-zeroout a range of blocks
Message-ID: <20160311135952.57a44931@lxorguk.ukuu.org.uk>
In-Reply-To: <56E24CA5.3030702@redhat.com>
References: <20160302040947.16685.42926.stgit@birch.djwong.org> <20160302225601.GB21890@birch.djwong.org> <20160303180924.GA4116@infradead.org> <20160303223952.GE24012@thunk.org> <20160303231050.GU29057@dastard> <20160309230819.GB3949@thunk.org> <56E18B9B.5070503@gmail.com> <56E24CA5.3030702@redhat.com>
Organization: Intel Corporation

> > We can do the security check at the filesystem level, because we have
> > sb->s_bdev->bd_inode, and if you have read and write permissions to
> > that inode, you might as well have permission to create an unsafe hole.

Not if you don't have access to a block device node to open it, or there
are SELinux rules that control the access. There are cases it isn't
entirely the same thing as far as I can see. Consider within a container,
for example.

The paranoid approach would IMHO be to have a mount option so you can
explicitly declare that a file system mount should trust its owner/group,
and then that can also be used to wire up any other "unsafe" activities in
a general "mounted for a special use" option.

Alan