Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp790051ybf;
        Fri, 28 Feb 2020 07:41:14 -0800 (PST)
X-Google-Smtp-Source: APXvYqyrbQlwHk74gLv3I7bSLaS1xvGdnBRbrR3j2YqVFhGM/0ZK0n/CdQKomqfiNK14ELxbdXfq
X-Received: by 2002:a05:6830:1f0c:: with SMTP id u12mr3747159otg.253.1582904474522;
        Fri, 28 Feb 2020 07:41:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582904474; cv=none;
        d=google.com; s=arc-20160816;
        b=KdJ3GsDjzt9q/kT+5l53NgLulB/eOqJpAwtDynGrm/ieI+bIXivvspE3lgP35oXPXR
         RY03RfAomZTMxyGhbwFburHFf5tSGPr8VFoV2vMKaPu63nfxrvfBxgBLZ6BKKD690tnT
         sKQsd3ocMwhF8gzTtkY3drrusxl+UR3XYk3VXL+RUgr/+391eUwXMhf2CpQ2tmikxVtT
         s5okfmIdUFG0/+KCwd7wHHXW3bme6wkRTdfnQ11RpEqePOos5JLjKkyFfnyqaq+DQYkF
         fUmHOQWP36jn3OlI99i2lqNUImxwKaJgCdSbfyF2c28mwsEz2e3WlErSVkrtnMmH3iIU
         8ulw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=9LqrzC6b4MYZRRh7fElw2sFSCD8yqepAp1R1qGOOE9o=;
        b=NDoZpIDn95zSUwk/GcUp6F7W5ADpmRwbRKKMbSMuEzftTnMKk1kSUZVIhyUmOYY+G4
         qnkWpmJbrMyHVFzItdZS+XT94HroA/QUL1EFUqO88nWolq3YB6D5GT99Riv6nI+iNfrq
         KMEaMTTYQSZbL5YmAF3gn8KWRL+03eXDTCAMFHfjbCzvZtW7b6ZDNwjRO5E8wBZF1H74
         zTSDQc0DcGdsRlbcBe99EGxfhFLDb2eJTvEHy9tU1QldOaCuYkdrRTZeCVF7PaC4HvEu
         BZ8FuYs/F3DwTD0bVYXS2WKhd6FojXAHnymwPHaEgVc6XzzuSk4OaKJi+/9wUTdEDNgW
         Ekcw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=J8Yk12NM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z73si2122859oia.40.2020.02.28.07.41.02;
        Fri, 28 Feb 2020 07:41:14 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=J8Yk12NM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727244AbgB1PkV (ORCPT <rfc822;qidong1992@gmail.com>
        + 99 others); Fri, 28 Feb 2020 10:40:21 -0500
Received: from mail-io1-f66.google.com ([209.85.166.66]:39459 "EHLO
        mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727080AbgB1PkV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 28 Feb 2020 10:40:21 -0500
Received: by mail-io1-f66.google.com with SMTP id h3so3842010ioj.6
        for <linux-kernel@vger.kernel.org>; Fri, 28 Feb 2020 07:40:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=szeredi.hu; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=9LqrzC6b4MYZRRh7fElw2sFSCD8yqepAp1R1qGOOE9o=;
        b=J8Yk12NMM3aPoUGzMtUEGaWQFyt3fGjSMbPBBqAHvUe0SiUviOzH6VRNTh7x/BJ7Nk
         fo5M6inLsbXFrgRv1vvzEFHoaLLfvF0hcPU0nGmaPzvQ0XYHYF3wvsXRgaRhkpjx0NjV
         kUMeGbbANhNsXkeTJ9LhowDRAkP/N2ybtUnaA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=9LqrzC6b4MYZRRh7fElw2sFSCD8yqepAp1R1qGOOE9o=;
        b=O4KEOW//gH7qY9hIYaR94kbWqEaMVSnFuRldYAMlYl7eqqwyswJn4knLosX/BOUyPJ
         CkIp9cnxWJSS2kmvvIC/bRjIxuAB3KlHUjNF+2EZkG3vpWiHC9X6W1U7xqyn732SxdO0
         KfrKLXsybM02XVMo657ZuAEHZHgkU65F2SuJqD/O58KsSK19S2nov3TE+10z1nhppcb1
         O/D9MqqXODVmnpzFBXUb4r6OYO7Dmn6lGK3bHJ9b+LXeJvJZnAuef8s2wsOsV8g8xecq
         4obYRPHB6Vbtw2yclRAbu9rZzFBVIC44rHBJ3qhuVG8sPFmuebWoMaFbzjIfI8dskfto
         NXzQ==
X-Gm-Message-State: APjAAAWVZfgCbeakrD3UWKm4JAf6P6BVz2n3vlAw0HcT0eXd2Yq2BSIR
        F/L29hAkURNU8Yh8BhJY2uRkMYz8VVdIyFjBMg1Ipg==
X-Received: by 2002:a02:6a10:: with SMTP id l16mr3820784jac.77.1582904420636;
 Fri, 28 Feb 2020 07:40:20 -0800 (PST)
MIME-Version: 1.0
References: <CAOssrKehjnTwbc6A1VagM5hG_32hy3mXZenx_PdGgcUGxYOaLQ@mail.gmail.com>
 <1582556135.3384.4.camel@HansenPartnership.com> <CAJfpegsk6BsVhUgHNwJgZrqcNP66wS0fhCXo_2sLt__goYGPWg@mail.gmail.com>
 <a657a80e-8913-d1f3-0ffe-d582f5cb9aa2@redhat.com> <1582644535.3361.8.camel@HansenPartnership.com>
 <CAOssrKfaxnHswrKejedFzmYTbYivJ++cPes4c91+BJDfgH4xJA@mail.gmail.com>
 <1c8db4e2b707f958316941d8edd2073ee7e7b22c.camel@themaw.net>
 <CAJfpegtRoXnPm5_sMYPL2L6FCZU52Tn8wk7NcW-dm4_2x=dD3Q@mail.gmail.com>
 <3e656465c427487e4ea14151b77d391d52cd6bad.camel@themaw.net>
 <CAJfpegu5xLcR=QbAOnUrL49QTem6X6ok7nPU+kLFnNHdPXSh1A@mail.gmail.com>
 <20200227151421.3u74ijhqt6ekbiss@ws.net.home> <ba2b44cc1382c62be3ac896a5476c8e1dc7c0230.camel@themaw.net>
 <CAJfpeguXPmw+PfZJFOscGLm0oe7dUQY4CYXazx9=x020Fbe86A@mail.gmail.com> <1582902521.3338.20.camel@HansenPartnership.com>
In-Reply-To: <1582902521.3338.20.camel@HansenPartnership.com>
From:   Miklos Szeredi <miklos@szeredi.hu>
Date:   Fri, 28 Feb 2020 16:40:09 +0100
Message-ID: <CAJfpegtZ0EYhQYeUmqYNd+Y+K88g4P6BKahhtf7VkuXZoe_UYQ@mail.gmail.com>
Subject: Re: [PATCH 00/17] VFS: Filesystem information and notifications [ver #17]
To:     James Bottomley <James.Bottomley@hansenpartnership.com>
Cc:     Ian Kent <raven@themaw.net>, Karel Zak <kzak@redhat.com>,
        Miklos Szeredi <mszeredi@redhat.com>,
        Steven Whitehouse <swhiteho@redhat.com>,
        David Howells <dhowells@redhat.com>,
        viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <christian@brauner.io>,
        Jann Horn <jannh@google.com>,
        "Darrick J. Wong" <darrick.wong@oracle.com>,
        Linux API <linux-api@vger.kernel.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        lkml <linux-kernel@vger.kernel.org>,
        Lennart Poettering <lennart@poettering.net>,
        =?UTF-8?Q?Zbigniew_J=C4=99drzejewski=2DSzmek?= <zbyszek@in.waw.pl>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        util-linux@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Feb 28, 2020 at 4:09 PM James Bottomley
<James.Bottomley@hansenpartnership.com> wrote:

> Containers are file based entities, so file descriptors are their most
> natural thing and they have full ACL protection within the container
> (can't open the file, can't then get the fd).  The other reason
> container people like file descriptors (all the Xat system calls that
> have been introduced) is that if we do actually need to break the
> boundaries or privileges of the container, we can do so by getting the
> orchestration system to pass in a fd the interior of the container
> wouldn't have access to.

Yeah, agreed about the simplicity of fd based access.   Then again a
filesystem access would allow immediate access to all scripts,
languages, etc.  That, I think is a huge bonus compared to the
ioctl-like mess that the current proposal is, which would require
library, utility, language binding updates on all changes.  Ugh.

One way to resolve that is to have the mount information
magic-symlinked from /proc/PID/fdmount/FD directly to the mountinfo
dir, which would then have a link into the sbinfo dir.  With other
access denied to all except sysadmin.

Would that work?

Thanks,
Miklos