Date: Wed, 13 Mar 2019 19:19:46 +0000
From: Al Viro
To: Eric Biggers
Cc: Theodore Ts'o, Amir Goldstein, Richard Weinberger, Miklos Szeredi, linux-fsdevel, linux-fscrypt@vger.kernel.org, overlayfs, linux-kernel, Paul Lawrence
Subject: Re: overlayfs vs. fscrypt

On Wed, Mar 13, 2019 at 09:44:33AM -0700, Eric Biggers wrote:

> > Just to make sure - you do realize that ban on multiple dentries referring
> > to the same directory inode is *NOT* conditional upon those dentries being
> > hashed, right?
>
> Isn't this handled by d_splice_alias() already, by moving the old dentry to the
> new name?

... which means that if somebody without the key chdirs into subdirectory they
only see by encrypted name and waits for proper owner to look it up, they
suddenly see it by _un_encrypted name. Or does O_PATH open, for that matter,
so exec permissions on that thing are not required.
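
The behaviour discussed in this message, as a toy userspace model added here (not kernel code and not from the thread). The struct layouts, the `toy_*` function names and the two sample directory names are constructed for illustration; the model only captures the "one dentry per directory inode, so the existing one is moved" rule.

```c
/* Toy userspace model (not kernel code): a directory inode may have only
 * one dentry, so a lookup under a new name moves the existing dentry
 * instead of creating a second alias. */
#include <stdio.h>
#include <string.h>

struct dentry;
struct inode  { int is_dir; struct dentry *alias; };  /* single alias for dirs */
struct dentry { char name[64]; struct inode *inode; };

/* Simplified stand-in for d_splice_alias(): attach 'inode' under 'name'.
 * 'fresh' is the dentry the lookup allocated. Returns the dentry that
 * ends up representing the inode. */
static struct dentry *toy_splice_alias(struct inode *inode, struct dentry *fresh,
                                       const char *name)
{
    if (inode->is_dir && inode->alias) {
        /* Directory already has a dentry: move it to the new name. */
        struct dentry *old = inode->alias;
        snprintf(old->name, sizeof(old->name), "%s", name);
        return old;
    }
    snprintf(fresh->name, sizeof(fresh->name), "%s", name);
    fresh->inode = inode;
    inode->alias = fresh;
    return fresh;
}

/* What a holder of a reference (cwd or O_PATH fd) would read back. */
static const char *toy_name_seen_by_holder(const struct dentry *held)
{
    return held->name;
}

int main(void)
{
    struct inode dir = { .is_dir = 1, .alias = NULL };
    struct dentry d1 = {0}, d2 = {0};

    /* Constructed names: an encoded no-key name and its plaintext. */
    struct dentry *cwd = toy_splice_alias(&dir, &d1, "_Xq3vB9encodedname");
    printf("holder sees: %s\n", toy_name_seen_by_holder(cwd));

    /* Key owner looks up the same directory by its plaintext name. */
    struct dentry *res = toy_splice_alias(&dir, &d2, "secret-project");
    printf("same dentry reused: %s\n", res == cwd ? "yes" : "no");
    printf("holder now sees: %s\n", toy_name_seen_by_holder(cwd));
    return 0;
}
```
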