Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp247501pxa;
        Wed, 12 Aug 2020 00:24:35 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzIEP2c24KtCvZLYvEEOpHh+9PHjwO/aKlmZypFRa2sCjKRGlAvf6FtU0tgluthyWg5VxOx
X-Received: by 2002:a17:906:e218:: with SMTP id gf24mr31488169ejb.469.1597217075737;
        Wed, 12 Aug 2020 00:24:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597217075; cv=none;
        d=google.com; s=arc-20160816;
        b=xLCi+90FzU0nDNI8XtmVFiXyDcF7TnuF2M+dAmIcEeso2k/eTUckjDnXbnIdwEK4qF
         fwHs6s29DO8c97RBIEETXwwgQYdUA5euEDF+REEQGW23A1l8fyXr5imAVgd7DqZiUsl4
         NAM9CieU24YNlPnPx+xgz8Bto29ChAhwgfSqKIEcvaaD1Qji45Nix7dHZKYSvtKVpkRq
         pLrTXAnZgN0quPrlj6Ow8F1PRwvzI3JvUCnhByV3R8HVDc1FqdjXvEl/9rQDvQJOxbCv
         1SlTkOB+p7LV8aE7LcAOY6JKImc8taxhV/9Bt6GfdgQirZUhq3f4Me/BRjxt0VdzbToj
         Qb5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=lg7tpKojiLkoGCQU1MYzPSjyojMR+QIskvYi6fn1Dcc=;
        b=skQFBw527M9x7yf9gezg1J/1IrOz20TU4GuRfIiGOY1cvikq/an49sPeZ08KnY3XsI
         UDSKNyz3SZTvHmXcIgJc6rACjNvfwTQ+l05csZfIJmvIQ16IKFjuz0rww+9AaA5Vzu4A
         3HykVAKuSdMtOGViI27X8Xazd6GMjryfbiOj8pWom1wSm7qPhXKdzm+hjGs4Tw0vsVHs
         DxXxlHa+Avb+hB1mwFfhRM+nUYT069P3yTC1TBnEljwLtB0+hYAT4dnOJWE9Cd1LqOuE
         MyXrGYl1YChYcxnfIjCXUKBl/9nJz/0/YMjt4KmejKqsqfjzW0Y2cIzLs6gY8J/MBPJS
         a42g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RxZhkT3n;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x22si646049ejc.278.2020.08.12.00.24.12;
        Wed, 12 Aug 2020 00:24:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RxZhkT3n;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726803AbgHLHXh (ORCPT <rfc822;rajatbajpailinux@gmail.com>
        + 99 others); Wed, 12 Aug 2020 03:23:37 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37420 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726718AbgHLHXg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 Aug 2020 03:23:36 -0400
Received: from mail-ej1-x642.google.com (mail-ej1-x642.google.com [IPv6:2a00:1450:4864:20::642])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29D52C061788
        for <linux-kernel@vger.kernel.org>; Wed, 12 Aug 2020 00:23:36 -0700 (PDT)
Received: by mail-ej1-x642.google.com with SMTP id o18so1136258eje.7
        for <linux-kernel@vger.kernel.org>; Wed, 12 Aug 2020 00:23:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=szeredi.hu; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=lg7tpKojiLkoGCQU1MYzPSjyojMR+QIskvYi6fn1Dcc=;
        b=RxZhkT3nxyiQK9MroBnY+vSTlOURG9xdAu71zIWR1pg9vScRFKcIDuCBeQMUdFuU1A
         3wv0lvogAGNnDfaByrHt3tsVFN6Xhn5Pek99IKFvWIXr0Ps810awHCCXZ3Uuh8fzTK2b
         mPjF7t6mbAUVw21TFOvqFtyCMzyJ+j/Fzal8A=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=lg7tpKojiLkoGCQU1MYzPSjyojMR+QIskvYi6fn1Dcc=;
        b=saxaWzbVPLpV3n5UfjOz6xAtNaiSOkQRpqMnAQfOnbA2PlYu1BBFzCvL6GjQmXvhv6
         1/1098Jyv5fzc13NSbHn79hWLHPMuNa4YBq2x7hWyQQjRMcTSltC5/x/MTGVNi47Amcc
         GE3GpgzgkIgUSkDc7hZazOcoI6I1Nb6LU0/1ReBPAZ/5RSS0+UXJUlLUeXaufhGumMsF
         sGUh0J6oR+GqCwkxiRbykT2q60mBv4oje+JPJPg1f90xPqiq8Zxt2crmXa9Sao67IRKT
         3zsnYfPFpMPS634LOTZuOu2DGEA6kc39FX9B/Z3Q/fo3NFeRPf69kx5MPkWqVHa44U3e
         8s3Q==
X-Gm-Message-State: AOAM531ca6+HncN7TqLBL2yAWs+HgMZViswFePYqUimz2UNcTyo6b1t3
        56N778aCBrKLjtuGW+TNjQHE7Q9/TpTPnzxj2kiyEg==
X-Received: by 2002:a17:906:3c59:: with SMTP id i25mr29241264ejg.202.1597217014736;
 Wed, 12 Aug 2020 00:23:34 -0700 (PDT)
MIME-Version: 1.0
References: <CAHk-=wjzLmMRf=QG-n+1HnxWCx4KTQn9+OhVvUSJ=ZCQd6Y1WA@mail.gmail.com>
 <5C8E0FA8-274E-4B56-9B5A-88E768D01F3A@amacapital.net> <a6cd01ed-918a-0ed7-aa87-0585db7b6852@schaufler-ca.com>
 <CAJfpegvUBpb+C2Ab=CLAwWffOaeCedr-b7ZZKZnKvF4ph1nJrw@mail.gmail.com>
 <CAG48ez3Li+HjJ6-wJwN-A84WT2MFE131Dt+6YiU96s+7NO5wkQ@mail.gmail.com>
 <CAJfpeguh5VaDBdVkV3FJtRsMAvXHWUcBfEpQrYPEuX9wYzg9dA@mail.gmail.com> <CAHk-=whE42mFLi8CfNcdB6Jc40tXsG3sR+ThWAFihhBwfUbczA@mail.gmail.com>
In-Reply-To: <CAHk-=whE42mFLi8CfNcdB6Jc40tXsG3sR+ThWAFihhBwfUbczA@mail.gmail.com>
From:   Miklos Szeredi <miklos@szeredi.hu>
Date:   Wed, 12 Aug 2020 09:23:23 +0200
Message-ID: <CAJfpegtXtj2Q1wsR-3eUNA0S=_skzHF0CEmcK_Krd8dtKkWkGA@mail.gmail.com>
Subject: Re: file metadata via fs API (was: [GIT PULL] Filesystem Information)
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     Jann Horn <jannh@google.com>,
        Casey Schaufler <casey@schaufler-ca.com>,
        Andy Lutomirski <luto@amacapital.net>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        David Howells <dhowells@redhat.com>,
        Al Viro <viro@zeniv.linux.org.uk>, Karel Zak <kzak@redhat.com>,
        Jeff Layton <jlayton@redhat.com>,
        Miklos Szeredi <mszeredi@redhat.com>,
        Nicolas Dichtel <nicolas.dichtel@6wind.com>,
        Christian Brauner <christian@brauner.io>,
        Lennart Poettering <lennart@poettering.net>,
        Linux API <linux-api@vger.kernel.org>,
        Ian Kent <raven@themaw.net>,
        LSM <linux-security-module@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Aug 11, 2020 at 11:19 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Tue, Aug 11, 2020 at 1:56 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
> >
> > So that's where O_ALT comes in.   If the application is consenting,
> > then that should prevent exploits.   Or?
>
> If the application is consenting AND GETS IT RIGHT it should prevent exploits.
>
> But that's a big deal.
>
> Why not just do it the way I suggested? Then you don't have any of these issues.

Will do.

I just want to understand the reasons why a unified namespace is
completely out of the question.   And I won't accept "it's just fugly"
or "it's the way it's always been done, so don't change it".  Those
are not good reasons.

Oh, I'm used to these "fights", had them all along.  In hindsight I
should have accepted others' advice in some of the cases, but in
others that big argument turned out to be a complete non-issue.   One
such being inode and dentry duplication in the overlayfs case vs.
in-built stacking in the union-mount case.  There were a lot of issues
with overlayfs, that's true, but dcache/icache size has NEVER actually
been reported as a problem.

While Al has a lot of experience, it's hard to accept all that
anecdotal evidence just because he says it.   Your worries are also
just those: worries.  They may turn out to be an issue or they may
not.

Anyway, starting with just introducing the alt namespace without
unification seems to be a good first step. If that turns out to be
workable, we can revisit unification later.

Thanks,
Miklos