To: haveblue@us.ibm.com
CC: miklos@szeredi.hu, viro@ZenIV.linux.org.uk, linux-fsdevel@vger.kernel.org,
       linux-kernel@vger.kernel.org, neilb@suse.de, akpm@linux-foundation.org,
       hch@infradead.org, linux-security-module@vger.kernel.org,
       jmorris@namei.org
In-reply-to: <1206133681.30471.37.camel@nimitz.home.sr71.net> (message from
	Dave Hansen on Fri, 21 Mar 2008 14:08:01 -0700)
Subject: Re: r-o bind in nfsd
References: <E1Jciie-0001E6-Dx@pomaz-ex.szeredi.hu>
	 <20080321155451.GU10722@ZenIV.linux.org.uk>
	 <E1Jck2N-0001Q3-7W@pomaz-ex.szeredi.hu>
	 <20080321163520.GV10722@ZenIV.linux.org.uk>
	 <E1JckW9-0001Ub-Rs@pomaz-ex.szeredi.hu>
	 <E1Jckjd-0001X8-IM@pomaz-ex.szeredi.hu>
	 <20080321181105.GW10722@ZenIV.linux.org.uk>
	 <E1JcmLz-0001n1-RC@pomaz-ex.szeredi.hu> <1206133681.30471.37.camel@nimitz.home.sr71.net>
Message-Id: <E1Jcobn-00029d-Vd@pomaz-ex.szeredi.hu>
From: Miklos Szeredi <miklos@szeredi.hu>
Date: Fri, 21 Mar 2008 22:17:03 +0100
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 943
Lines: 21

> On Fri, 2008-03-21 at 19:52 +0100, Miklos Szeredi wrote:
> > Traditionally we have syscalls, and nfsd.  Both of them want the
> > security checks, and I think nfsd wants the read-only mount checking
> > as well, but I'm not entirely sure.  Maybe we can handle that by just
> > making nfsd acquire a write-ref on the mount and keep it while it's
> > exported.
> 
> The only question for me would be where the current r/o checks are
> happening (IS_RDONLY()).  I generally based my patches on replacing
> those calls.  

In may_create()/may_delete() on parent directory.  So that one needs
audit of all callers, unless Al can be convinced that moving those
checks into the VFS makes sense.

Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/