Re: Security issues with local filesystem caching

From: Trond Myklebust
Date: Thu Nov 02 2006 - 16:25:13 EST

Next message: Adrian Bunk: "Re: 2.6.19-rc4: known unfixed regressions"
Previous message: Maciej Rutecki: "[2.6.18] Suspend to ram and SATA"
In reply to: David Howells: "Re: Security issues with local filesystem caching"
Next in thread: David Howells: "Re: Security issues with local filesystem caching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2006-11-02 at 20:38 +0000, David Howells wrote:
> Trond Myklebust <trond.myklebust@xxxxxxxxxx> wrote:
>
> > Just why are you doing all this? Why do we need a back-end that requires
> > all this extra client-side security infrastructure in order to work?
>
> Well, both Christoph and Al are of the opinion that I should be using
> vfs_mkdir() and co rather than bypassing the security and calling inode ops
> directly.

...but why are you needing to call vfs_mkdir? I thought the standard
cachefs backend just uses a pool of files, rather like the original AFS
cache did. Are you trying to mirror the layout and the permissions of
the NFS filesystem? That is a lot more work than it is worth...

> Also I should be setting security labels on the files I create.

To what end? These files shouldn't need to be made visible to userland
at all.

Cheers,
Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "Re: 2.6.19-rc4: known unfixed regressions"
Previous message: Maciej Rutecki: "[2.6.18] Suspend to ram and SATA"
In reply to: David Howells: "Re: Security issues with local filesystem caching"
Next in thread: David Howells: "Re: Security issues with local filesystem caching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]