Date: Tue, 31 May 2011 11:06:43 -0700
From: Andi Kleen
To: Steven Whitehouse
Cc: Andi Kleen, viro@zeniv.linux.org.uk, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, chris.mason@oracle.com, josef@redhat.com, agruen@linbit.com, "Serge E. Hallyn"
Subject: Re: [PATCH 1/4] Cache xattr security drop check for write v2

> It sounds like a good idea, but cluster filesystems will need to clear
> the flag when they update their in-core inodes. Without that we could
> have:
>
> Node A looks up inode and sets S_NOSEC since it's not suid
> Node B does chmod +s on the inode
> Node A now has S_NOSEC set, but inode is suid, so writes don't clear
> suid

Good point. I assume that's also true for network file systems.

This would essentially argue that for those putting the helper into
the inode read paths is not optional. I'll look into this later.

> - flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
> + flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC|S_NOSEC);
> + if (!is_sxid(inode->i_mode))
> + flags |= S_NOSEC;

Doesn't that need a check for no xattr too?
or do you not support those currently?

Note I added a helper for this in the latest version: inode_has_no_xattr()

-Andi
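
Review bot: In the quoted hunk, `flags |= S_NOSEC` is gated only on `!is_sxid(inode->i_mode)`, which covers the suid/sgid half of the check but not the xattr half. Going by the subject line, S_NOSEC caches the xattr security drop check for write, so an inode that is not suid/sgid but does carry a security xattr would be marked as needing no security drop. Set the flag only when the filesystem also knows the inode has no xattrs, for instance through the inode_has_no_xattr() helper mentioned in this reply, and otherwise leave it clear. Adding S_NOSEC to the mask that is cleared first is the right direction for the cluster case raised above, since a refreshed in-core inode then drops a stale flag before it is recomputed; a short comment on that line saying so would help later readers.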