diff options
| author | Vivek Goyal <vgoyal@redhat.com> | 2020-10-09 21:15:07 +0300 |
|---|---|---|
| committer | Miklos Szeredi <mszeredi@redhat.com> | 2020-11-11 19:22:32 +0300 |
| commit | 63f9909ff602082597849f684655e93336c50b11 (patch) | |
| tree | b6826e7dde35148fc24c0049818491f72b0aac9e /drivers/most | |
| parent | df8629af293493757beccac2d3168fe5a315636e (diff) | |
| download | linux-63f9909ff602082597849f684655e93336c50b11.tar.xz | |
fuse: introduce the notion of FUSE_HANDLE_KILLPRIV_V2
We already have FUSE_HANDLE_KILLPRIV flag that says that file server will
remove suid/sgid/caps on truncate/chown/write. But that's little different
from what Linux VFS implements.
To be consistent with Linux VFS behavior what we want is.
- caps are always cleared on chown/write/truncate
- suid is always cleared on chown, while for truncate/write it is cleared
only if caller does not have CAP_FSETID.
- sgid is always cleared on chown, while for truncate/write it is cleared
only if caller does not have CAP_FSETID as well as file has group execute
permission.
As previous flag did not provide above semantics. Implement a V2 of the
protocol with above said constraints.
Server does not know if caller has CAP_FSETID or not. So for the case
of write()/truncate(), client will send information in special flag to
indicate whether to kill priviliges or not. These changes are in subsequent
patches.
FUSE_HANDLE_KILLPRIV_V2 relies on WRITE being sent to server to clear
suid/sgid/security.capability. But with ->writeback_cache, WRITES are
cached in guest. So it is not recommended to use FUSE_HANDLE_KILLPRIV_V2
and writeback_cache together. Though it probably might be good enough
for lot of use cases.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'drivers/most')
0 files changed, 0 insertions, 0 deletions