HAMMER per-PFS permissions for ioctl syscalls
Vasily Postnicov
shamaz.mazum at gmail.com
Sat Sep 26 07:06:34 PDT 2015
Hello. I have noticed, that some ioctls, like HAMMERIOC_GETHISTORY or
HAMMERIOC_GET_INFO can be made by any user, and there are some like
HAMMERIOC_ADD_SNAPSHOT, which only root can do. I find this somewhat
"unfair", because why a user cannot, for example, make a snapshot of his
own home directory, if there is a PFS mounted to that directory? I think
something like zfs allow/unallow is needed here. Any ideas how I can
implement this?
Maybe I should add a new record type to vfs/hammer/hammer_disk.h, say
HAMMER_RECTYPE_PERM, and use it in the similar way to
HAMMER_RECTYPE_CONFIG, like writing functions similar to
hammer_ioc_get/set_config? So when a user calls ioctl() it will be like
this in the kernel space:
1) Start a new transactions and initialize a cursor.
2) setup the cursor. Set cursor.key_beg.rec_type = HAMMER_RECTYPE_PERM;
3) do hammer_btree_lookup(&cursor);
4) If lookup succeeded, extract permission info and act accordingly to it.
So what you think? Will it work? Maybe I need to cache the results somehow
and do not call hammer_btree_lookup() each time ioctl is called? Or it is
already done automatically?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/kernel/attachments/20150926/fe453262/attachment-0002.htm>
More information about the Kernel
mailing list