Re: [PATCH 2/2] block: create ioctl to discard-or-zeroout a range of blocks

From: One Thousand Gnomes
Date: Fri Mar 11 2016 - 09:02:04 EST

Next message: Vladimir Davydov: "Re: [PATCH] mm: memcontrol: reclaim when shrinking memory.high below usage"
Previous message: Christoph Hellwig: "Re: [PATCH v18 00/22] Richacls (Core and Ext4)"
In reply to: Ric Wheeler: "Re: [PATCH 2/2] block: create ioctl to discard-or-zeroout a range of blocks"
Next in thread: Theodore Ts'o: "Re: [PATCH 2/2] block: create ioctl to discard-or-zeroout a range of blocks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > We can do the security check at the filesystem level, because we have
> > sb->s_bdev->bd_inode, and if you have read and write permissions to
> > that inode, you might as well have permission to create a unsafe hole.

Not if you don't have access to a block device node to open it, or there
are SELinux rules that control the access. There are cases it isn't
entirely the same thing as far as I can see. Consider within a container
for example.

The paranoid approach would IMHO to have a mount option so you can
explicitly declare a file system mount should trust its owner/group and
then that can also be used to wire up any other "unsafe" activities in a
general "mounted for a special use" option.

Alan

Next message: Vladimir Davydov: "Re: [PATCH] mm: memcontrol: reclaim when shrinking memory.high below usage"
Previous message: Christoph Hellwig: "Re: [PATCH v18 00/22] Richacls (Core and Ext4)"
In reply to: Ric Wheeler: "Re: [PATCH 2/2] block: create ioctl to discard-or-zeroout a range of blocks"
Next in thread: Theodore Ts'o: "Re: [PATCH 2/2] block: create ioctl to discard-or-zeroout a range of blocks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]