Re: [PATCH v2] ceph: fix posix ACL hooks

From: Linus Torvalds
Date: Tue Feb 04 2014 - 11:17:36 EST

Next message: Eric Dumazet: "Re: [PATCH] fdtable: Avoid triggering OOMs from alloc_fdmem"
Previous message: Michal Hocko: "Re: [PATCH 3/3] Kconfig: organize memory-related config options"
In reply to: Christoph Hellwig: "Re: [PATCH v2] ceph: fix posix ACL hooks"
Next in thread: Linus Torvalds: "Re: [PATCH v2] ceph: fix posix ACL hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 4, 2014 at 3:33 AM, Steven Whitehouse <swhiteho@xxxxxxxxxx> wrote:
>
> The other question that I have relating to that side of things, is why
> security_inode_permission() is called from __inode_permission() rather
> than from generic_permission() ? Maybe there is a good reason, but I
> can't immediately see what it is at the moment.

"generic_permission()" is just a helper that implements the default
UNIX permissions, and won't necessarily even be called. A filesystem
could decide not to call it at all, and in fact there are cases that
don't (eg coda or the bad_inode case).

The inode_permission() class of helpers, in contrast, is what gets
called by the VFS layer itself. So if you want to catch all permission
checks (and that would be security_inode_permission()) then you need
to catch it there.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric Dumazet: "Re: [PATCH] fdtable: Avoid triggering OOMs from alloc_fdmem"
Previous message: Michal Hocko: "Re: [PATCH 3/3] Kconfig: organize memory-related config options"
In reply to: Christoph Hellwig: "Re: [PATCH v2] ceph: fix posix ACL hooks"
Next in thread: Linus Torvalds: "Re: [PATCH v2] ceph: fix posix ACL hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]