Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261203AbUCXUH3 (ORCPT ); Wed, 24 Mar 2004 15:07:29 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261154AbUCXUFw (ORCPT ); Wed, 24 Mar 2004 15:05:52 -0500 Received: from parcelfarce.linux.theplanet.co.uk ([195.92.249.252]:24796 "EHLO www.linux.org.uk") by vger.kernel.org with ESMTP id S261179AbUCXUEq (ORCPT ); Wed, 24 Mar 2004 15:04:46 -0500 Date: Wed, 24 Mar 2004 20:04:44 +0000 From: viro@parcelfarce.linux.theplanet.co.uk To: John McCutchan Cc: rudi@lambda-computing.de, linux-kernel@vger.kernel.org, jamie@shareable.org, tridge@samba.org, torvalds@osdl.org, alexl@redhat.com, rml@ximian.com Subject: Re: [RFC,PATCH] dnotify: enhance or replace? Message-ID: <20040324200443.GS31500@parcelfarce.linux.theplanet.co.uk> References: <4061986E.6020208@gamemakers.de> <1080142815.8108.90.camel@localhost.localdomain> <1080146269.23224.5.camel@vertex> <4061BD2E.2060900@gamemakers.de> <1080158032.30769.13.camel@vertex> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1080158032.30769.13.camel@vertex> User-Agent: Mutt/1.4.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1908 Lines: 41 On Wed, Mar 24, 2004 at 02:53:52PM -0500, John McCutchan wrote: > - When user passes fd to kernel to watch, the kernel takes over this > fd, making it invalid in user space ( I know this is a terrible hack) > then when a volume is unmounted, the kernel can walk the list of > open fd's using for notifacation and close them, before attempting to > unmount. And if umount fails? BTW, _which_ umount? The sucker can be present in more than one place in more than one namespace. > - The user passes a path to the kernel, the kernel does some work so > that it can track anything to do with that path, and again when > an unmount is called the kernel cleans up anything used for > notification. Ditto. > Both of these ideas are similar, does anyone have a better idea? "Doctor, It Hurts When I Do It" Seriously, dnotify sucks in a lot of ways, starting with the basic premise - that userland can do notification-based maintainig of directory tree image. It's racy by definition, so any attempts to use it for "security improvements" are scam. Which leaves us with file manglers and their ilk. Note that any attempts to trace "aliases" in userland are hopelessly racy; that mounting/unmounting doesn't even show on the radar; that different users can see different parts of tree or, while we are at it, completely different trees; that this crap is a DDoS on a server that exports any sort of network filesystem to many clients - *especially* if you want notifications on the entire tree. IOW, idea is fundamentally flawed and IMO the real fix is to try and figure out a decent UI that would provide what file managers are really used for. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/