Re: -mm -> 2.6.13 merge status (fuse)

[Theodore Ts'o]

On Fri, Jun 24, 2005 at 07:49:50AM +0200, Miklos Szeredi wrote:
> > ??  Not sure what you're saying.
> 
> If user X mounts a filesystem, and root wants to access it, it can do
> 'su X' and see the otherwise inaccesible files.

That's rather awkward, and will be painful in certain applications
that are trying to scan multiple filesystems, possibly run by
different users X, Y, and Z.

> > > How do you think fcntl() could be used?  I think a task flag settable
> > > via prctl() would be more appropriate.
> > 
> > The problem with a task flag is that a root process might not want to
> > give permission for _all_ user-mountable filesystem, but only certain
> > ones.  So the idea is that the process should be able to specify
> > specific mountpoints as being "ok" for the process to access.
> 
> OK, so you're saying, it should be a per-mountpoint flag, and not a
> per-process one.

No, I'm saying that it should be both per-mountpoint and per-process.
Hence something like fnctl.  Problem is though fnctl() works on a file
descriptor, and with FUSE running you wouldn't be able to even get a
file descriptor opened on the mountpoint.  

> Then the solution is simple I think.  Root can just remount the
> filesystem with the 'allow_other' flag (that's currently not possible,
> because the remount_fs operation is not yet implemented).

Globally remounting the filesystem allow_other isn't the right thing,
since applications that don't know what to expect will be taken by
surprise.  Hence my suggestion to do something which is both
per-mountpoint and per-process.

						- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/