Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp247501pxa; Wed, 12 Aug 2020 00:24:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzIEP2c24KtCvZLYvEEOpHh+9PHjwO/aKlmZypFRa2sCjKRGlAvf6FtU0tgluthyWg5VxOx X-Received: by 2002:a17:906:e218:: with SMTP id gf24mr31488169ejb.469.1597217075737; Wed, 12 Aug 2020 00:24:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597217075; cv=none; d=google.com; s=arc-20160816; b=xLCi+90FzU0nDNI8XtmVFiXyDcF7TnuF2M+dAmIcEeso2k/eTUckjDnXbnIdwEK4qF fwHs6s29DO8c97RBIEETXwwgQYdUA5euEDF+REEQGW23A1l8fyXr5imAVgd7DqZiUsl4 NAM9CieU24YNlPnPx+xgz8Bto29ChAhwgfSqKIEcvaaD1Qji45Nix7dHZKYSvtKVpkRq pLrTXAnZgN0quPrlj6Ow8F1PRwvzI3JvUCnhByV3R8HVDc1FqdjXvEl/9rQDvQJOxbCv 1SlTkOB+p7LV8aE7LcAOY6JKImc8taxhV/9Bt6GfdgQirZUhq3f4Me/BRjxt0VdzbToj Qb5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=lg7tpKojiLkoGCQU1MYzPSjyojMR+QIskvYi6fn1Dcc=; b=skQFBw527M9x7yf9gezg1J/1IrOz20TU4GuRfIiGOY1cvikq/an49sPeZ08KnY3XsI UDSKNyz3SZTvHmXcIgJc6rACjNvfwTQ+l05csZfIJmvIQ16IKFjuz0rww+9AaA5Vzu4A 3HykVAKuSdMtOGViI27X8Xazd6GMjryfbiOj8pWom1wSm7qPhXKdzm+hjGs4Tw0vsVHs DxXxlHa+Avb+hB1mwFfhRM+nUYT069P3yTC1TBnEljwLtB0+hYAT4dnOJWE9Cd1LqOuE MyXrGYl1YChYcxnfIjCXUKBl/9nJz/0/YMjt4KmejKqsqfjzW0Y2cIzLs6gY8J/MBPJS a42g== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RxZhkT3n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x22si646049ejc.278.2020.08.12.00.24.12; Wed, 12 Aug 2020 00:24:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RxZhkT3n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726803AbgHLHXh (ORCPT + 99 others); Wed, 12 Aug 2020 03:23:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37420 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726718AbgHLHXg (ORCPT ); Wed, 12 Aug 2020 03:23:36 -0400 Received: from mail-ej1-x642.google.com (mail-ej1-x642.google.com [IPv6:2a00:1450:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29D52C061788 for ; Wed, 12 Aug 2020 00:23:36 -0700 (PDT) Received: by mail-ej1-x642.google.com with SMTP id o18so1136258eje.7 for ; Wed, 12 Aug 2020 00:23:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lg7tpKojiLkoGCQU1MYzPSjyojMR+QIskvYi6fn1Dcc=; b=RxZhkT3nxyiQK9MroBnY+vSTlOURG9xdAu71zIWR1pg9vScRFKcIDuCBeQMUdFuU1A 3wv0lvogAGNnDfaByrHt3tsVFN6Xhn5Pek99IKFvWIXr0Ps810awHCCXZ3Uuh8fzTK2b mPjF7t6mbAUVw21TFOvqFtyCMzyJ+j/Fzal8A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lg7tpKojiLkoGCQU1MYzPSjyojMR+QIskvYi6fn1Dcc=; b=saxaWzbVPLpV3n5UfjOz6xAtNaiSOkQRpqMnAQfOnbA2PlYu1BBFzCvL6GjQmXvhv6 1/1098Jyv5fzc13NSbHn79hWLHPMuNa4YBq2x7hWyQQjRMcTSltC5/x/MTGVNi47Amcc GE3GpgzgkIgUSkDc7hZazOcoI6I1Nb6LU0/1ReBPAZ/5RSS0+UXJUlLUeXaufhGumMsF sGUh0J6oR+GqCwkxiRbykT2q60mBv4oje+JPJPg1f90xPqiq8Zxt2crmXa9Sao67IRKT 3zsnYfPFpMPS634LOTZuOu2DGEA6kc39FX9B/Z3Q/fo3NFeRPf69kx5MPkWqVHa44U3e 8s3Q== X-Gm-Message-State: AOAM531ca6+HncN7TqLBL2yAWs+HgMZViswFePYqUimz2UNcTyo6b1t3 56N778aCBrKLjtuGW+TNjQHE7Q9/TpTPnzxj2kiyEg== X-Received: by 2002:a17:906:3c59:: with SMTP id i25mr29241264ejg.202.1597217014736; Wed, 12 Aug 2020 00:23:34 -0700 (PDT) MIME-Version: 1.0 References: <5C8E0FA8-274E-4B56-9B5A-88E768D01F3A@amacapital.net> In-Reply-To: From: Miklos Szeredi Date: Wed, 12 Aug 2020 09:23:23 +0200 Message-ID: Subject: Re: file metadata via fs API (was: [GIT PULL] Filesystem Information) To: Linus Torvalds Cc: Jann Horn , Casey Schaufler , Andy Lutomirski , linux-fsdevel , David Howells , Al Viro , Karel Zak , Jeff Layton , Miklos Szeredi , Nicolas Dichtel , Christian Brauner , Lennart Poettering , Linux API , Ian Kent , LSM , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Aug 11, 2020 at 11:19 PM Linus Torvalds wrote: > > On Tue, Aug 11, 2020 at 1:56 PM Miklos Szeredi wrote: > > > > So that's where O_ALT comes in. If the application is consenting, > > then that should prevent exploits. Or? > > If the application is consenting AND GETS IT RIGHT it should prevent exploits. > > But that's a big deal. > > Why not just do it the way I suggested? Then you don't have any of these issues. Will do. I just want to understand the reasons why a unified namespace is completely out of the question. And I won't accept "it's just fugly" or "it's the way it's always been done, so don't change it". Those are not good reasons. Oh, I'm used to these "fights", had them all along. In hindsight I should have accepted others' advice in some of the cases, but in others that big argument turned out to be a complete non-issue. One such being inode and dentry duplication in the overlayfs case vs. in-built stacking in the union-mount case. There were a lot of issues with overlayfs, that's true, but dcache/icache size has NEVER actually been reported as a problem. While Al has a lot of experience, it's hard to accept all that anecdotal evidence just because he says it. Your worries are also just those: worries. They may turn out to be an issue or they may not. Anyway, starting with just introducing the alt namespace without unification seems to be a good first step. If that turns out to be workable, we can revisit unification later. Thanks, Miklos