HAMMER per-PFS permissions for ioctl syscalls

Matthew Dillon dillon at backplane.com
Wed Sep 30 20:56:33 PDT 2015


Well, I think its a bit too dangerous to give snapshotting power to the
user in this case.  The snapshots are managed on a per-PFS  basis so the
user would be able to interfere with whatever root intended on doing with
the capability.

-Matt

On Sat, Sep 26, 2015 at 7:06 AM, Vasily Postnicov <shamaz.mazum at gmail.com>
wrote:

> Hello. I have noticed, that some ioctls, like HAMMERIOC_GETHISTORY or
> HAMMERIOC_GET_INFO can be made by any user, and there are some like
> HAMMERIOC_ADD_SNAPSHOT, which only root can do. I find this somewhat
> "unfair", because why a user cannot, for example, make a snapshot of his
> own home directory, if there is a PFS mounted to that directory? I think
> something like zfs allow/unallow is needed here. Any ideas how I can
> implement this?
>
> Maybe I should add a new record type to vfs/hammer/hammer_disk.h, say
> HAMMER_RECTYPE_PERM, and use it in the similar way to
> HAMMER_RECTYPE_CONFIG, like writing functions similar to
> hammer_ioc_get/set_config? So when a user calls ioctl() it will be like
> this in the kernel space:
>
> 1) Start a new transactions and initialize a cursor.
> 2) setup the cursor. Set cursor.key_beg.rec_type = HAMMER_RECTYPE_PERM;
> 3) do hammer_btree_lookup(&cursor);
> 4) If lookup succeeded, extract permission info and act accordingly to it.
>
> So what you think? Will it work? Maybe I need to cache the results somehow
> and do not call hammer_btree_lookup() each time ioctl is called? Or it is
> already done automatically?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/kernel/attachments/20150930/3403fc46/attachment-0003.htm>


More information about the Kernel mailing list