Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp790051ybf; Fri, 28 Feb 2020 07:41:14 -0800 (PST) X-Google-Smtp-Source: APXvYqyrbQlwHk74gLv3I7bSLaS1xvGdnBRbrR3j2YqVFhGM/0ZK0n/CdQKomqfiNK14ELxbdXfq X-Received: by 2002:a05:6830:1f0c:: with SMTP id u12mr3747159otg.253.1582904474522; Fri, 28 Feb 2020 07:41:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582904474; cv=none; d=google.com; s=arc-20160816; b=KdJ3GsDjzt9q/kT+5l53NgLulB/eOqJpAwtDynGrm/ieI+bIXivvspE3lgP35oXPXR RY03RfAomZTMxyGhbwFburHFf5tSGPr8VFoV2vMKaPu63nfxrvfBxgBLZ6BKKD690tnT sKQsd3ocMwhF8gzTtkY3drrusxl+UR3XYk3VXL+RUgr/+391eUwXMhf2CpQ2tmikxVtT s5okfmIdUFG0/+KCwd7wHHXW3bme6wkRTdfnQ11RpEqePOos5JLjKkyFfnyqaq+DQYkF fUmHOQWP36jn3OlI99i2lqNUImxwKaJgCdSbfyF2c28mwsEz2e3WlErSVkrtnMmH3iIU 8ulw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=9LqrzC6b4MYZRRh7fElw2sFSCD8yqepAp1R1qGOOE9o=; b=NDoZpIDn95zSUwk/GcUp6F7W5ADpmRwbRKKMbSMuEzftTnMKk1kSUZVIhyUmOYY+G4 qnkWpmJbrMyHVFzItdZS+XT94HroA/QUL1EFUqO88nWolq3YB6D5GT99Riv6nI+iNfrq KMEaMTTYQSZbL5YmAF3gn8KWRL+03eXDTCAMFHfjbCzvZtW7b6ZDNwjRO5E8wBZF1H74 zTSDQc0DcGdsRlbcBe99EGxfhFLDb2eJTvEHy9tU1QldOaCuYkdrRTZeCVF7PaC4HvEu BZ8FuYs/F3DwTD0bVYXS2WKhd6FojXAHnymwPHaEgVc6XzzuSk4OaKJi+/9wUTdEDNgW Ekcw== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=J8Yk12NM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z73si2122859oia.40.2020.02.28.07.41.02; Fri, 28 Feb 2020 07:41:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=J8Yk12NM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727244AbgB1PkV (ORCPT + 99 others); Fri, 28 Feb 2020 10:40:21 -0500 Received: from mail-io1-f66.google.com ([209.85.166.66]:39459 "EHLO mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727080AbgB1PkV (ORCPT ); Fri, 28 Feb 2020 10:40:21 -0500 Received: by mail-io1-f66.google.com with SMTP id h3so3842010ioj.6 for ; Fri, 28 Feb 2020 07:40:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9LqrzC6b4MYZRRh7fElw2sFSCD8yqepAp1R1qGOOE9o=; b=J8Yk12NMM3aPoUGzMtUEGaWQFyt3fGjSMbPBBqAHvUe0SiUviOzH6VRNTh7x/BJ7Nk fo5M6inLsbXFrgRv1vvzEFHoaLLfvF0hcPU0nGmaPzvQ0XYHYF3wvsXRgaRhkpjx0NjV kUMeGbbANhNsXkeTJ9LhowDRAkP/N2ybtUnaA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9LqrzC6b4MYZRRh7fElw2sFSCD8yqepAp1R1qGOOE9o=; b=O4KEOW//gH7qY9hIYaR94kbWqEaMVSnFuRldYAMlYl7eqqwyswJn4knLosX/BOUyPJ CkIp9cnxWJSS2kmvvIC/bRjIxuAB3KlHUjNF+2EZkG3vpWiHC9X6W1U7xqyn732SxdO0 KfrKLXsybM02XVMo657ZuAEHZHgkU65F2SuJqD/O58KsSK19S2nov3TE+10z1nhppcb1 O/D9MqqXODVmnpzFBXUb4r6OYO7Dmn6lGK3bHJ9b+LXeJvJZnAuef8s2wsOsV8g8xecq 4obYRPHB6Vbtw2yclRAbu9rZzFBVIC44rHBJ3qhuVG8sPFmuebWoMaFbzjIfI8dskfto NXzQ== X-Gm-Message-State: APjAAAWVZfgCbeakrD3UWKm4JAf6P6BVz2n3vlAw0HcT0eXd2Yq2BSIR F/L29hAkURNU8Yh8BhJY2uRkMYz8VVdIyFjBMg1Ipg== X-Received: by 2002:a02:6a10:: with SMTP id l16mr3820784jac.77.1582904420636; Fri, 28 Feb 2020 07:40:20 -0800 (PST) MIME-Version: 1.0 References: <1582556135.3384.4.camel@HansenPartnership.com> <1582644535.3361.8.camel@HansenPartnership.com> <1c8db4e2b707f958316941d8edd2073ee7e7b22c.camel@themaw.net> <3e656465c427487e4ea14151b77d391d52cd6bad.camel@themaw.net> <20200227151421.3u74ijhqt6ekbiss@ws.net.home> <1582902521.3338.20.camel@HansenPartnership.com> In-Reply-To: <1582902521.3338.20.camel@HansenPartnership.com> From: Miklos Szeredi Date: Fri, 28 Feb 2020 16:40:09 +0100 Message-ID: Subject: Re: [PATCH 00/17] VFS: Filesystem information and notifications [ver #17] To: James Bottomley Cc: Ian Kent , Karel Zak , Miklos Szeredi , Steven Whitehouse , David Howells , viro , Christian Brauner , Jann Horn , "Darrick J. Wong" , Linux API , linux-fsdevel , lkml , Lennart Poettering , =?UTF-8?Q?Zbigniew_J=C4=99drzejewski=2DSzmek?= , Greg Kroah-Hartman , util-linux@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 28, 2020 at 4:09 PM James Bottomley wrote: > Containers are file based entities, so file descriptors are their most > natural thing and they have full ACL protection within the container > (can't open the file, can't then get the fd). The other reason > container people like file descriptors (all the Xat system calls that > have been introduced) is that if we do actually need to break the > boundaries or privileges of the container, we can do so by getting the > orchestration system to pass in a fd the interior of the container > wouldn't have access to. Yeah, agreed about the simplicity of fd based access. Then again a filesystem access would allow immediate access to all scripts, languages, etc. That, I think is a huge bonus compared to the ioctl-like mess that the current proposal is, which would require library, utility, language binding updates on all changes. Ugh. One way to resolve that is to have the mount information magic-symlinked from /proc/PID/fdmount/FD directly to the mountinfo dir, which would then have a link into the sbinfo dir. With other access denied to all except sysadmin. Would that work? Thanks, Miklos