On 3/26/2012 7:22 AM, David Howells wrote:J. R. Okajima <hooanon05@xxxxxxxxxxx> wrote:
True. I'm not sure what's the best way to deal with that. Possibly add an(4) Added some code to override the credentials around upper inodeObviously the xattr entry may not have its meanings on the upper fs,
creation to make sure the inode gets the right UID/GID. This doesn't
help if the lower inode has some sort of foreign user identifier.
Also, I'm not sure whether the LSM xattrs should be blindly copied up.
Should the LSM policies applicable to the lower fs's apply to the upper
fs too?
extra flag to vfs_setxattr() and have the fs vet them... OTOH, this gives us
files on the lowerfs that may well differ in appearance to files on the
upperfs with respect to their xattrs.
Are you suggesting that you would have heterogeneous filesystems
with different xattr behavior stacked at the same time as you're
using an LSM that cares about the behavior of xattrs? Oh dear. As
I typed that sentence I identified a viable use case.
or the upper fs may return an error when setting the xattr. Additionally theAlso true. It's possible that the best way is just to ignore everything but a
returned errno may not follow the generic semantics (ENOTSUP, ENOSPC, or
EDQUOT) since the fs may return fs-specific error.
medium-related error such as EIO, ENOSPC and EDQUOT: We tried... Oh well.
On the other hand, users may expect that the all xattrs are copied-up,Yeah. Ideally, the copied-up file would be indistinguishable from the lower
particulary when he knows that the xattrs works well on the upper fs too.
In copy-up, it will be hard to support all cases.
file, but in practice that's not possible unless inode numbers and other
physical characteristics of the lower file are recorded in the upper fs (say
on an xattr).
In order to leave users how to handle the xattrs, I'd suggestI would suggest 'cpyup' or 'copyup' rather than 'cpup' - the latter looks like
introducing some mount options, which are similar to cp(1).
cp(1) has several options
--preserve=mode,ownership,timestamps,context,links,xattr,all
('mode' includes acl which are based upon xattr)
Since the mode (without acl), ownership and timestamps should always be
copied-up, the new mount options will be something like
cpup-xattr=acl,context,all
something to do with CPUs, but yes, it's worth considering.
And only when the option is specfied, the xattrs are copied up. NoThat's not necessarily good enough. What if and LSM, say SELinux, is in
special error handling is necessary, all the errors should be returned
to users unconditionally.
force? Now SELinux will happily label the files for you - but there's a
reasonable chance they won't be correct. OTOH, they may not be correct even
if they are copied up.
The underlying storage (the "real" file) has to have the xattr attached
to it.
Any other behavior is incorrect. If the underlying filesystem does not
support
xattrs that lack of support has to be propagated upwards even if the higher
layer filesystem supports xattrs.
In the case of Smack filesystems that don't support xattrs are still given
labels based on mount options. If the lower filesystem is NTFS and the upper
ext4 you've got to respect the NTFS labeling behavior for files there.
Does union-mount preserve mtime? If not, it is critical for someUmmm... Interesting question. If it copies up a file, then that file must
applications such like "make" I am afraid.
have been opened for writing. Is the mtime altered by such an event, or only
by a write() having been issued? Also, what about ctime? That doesn't seem
to have been copied up either.
What is the expected behavior of union mounts for all attributes? Is it
specified anywhere?
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.