[PATCH v3 4/4] fuse: define the filesystem as untrusted
Chuck Lever
chuck.lever at oracle.com
Thu Mar 15 13:53:10 UTC 2018
Hi Stef-
> On Mar 15, 2018, at 6:07 AM, Stef Bon <stefbon at gmail.com> wrote:
>
> 2018-03-14 22:42 GMT+01:00 Eric W. Biederman <ebiederm at xmission.com>:
>>>
>>> Please tell me if I'm hijacking the thread.
>>
>> Unless something brings us to non-consensus about the patches to merge
>> we are good. I think this is an area that need some discussion.
>>
>> The big big thing right now, as I understand it, is these mechanisms that
>> nfs uses to keep the cache in sync are not clearly reflected in the vfs
>> in a way that ima can take advantage of them.
>>
>>
>
> Chuck you mean fschange notifications methods like
> NT_TRANSACT_NOTIFY_CHANGE for cifs.
No, I don't mean notification. That's a different mechanism entirely.
NFSv4 delegations are similar to SMB oplocks. It's a protocol
guarantee that the server will tell the client that holds a delegation
when another client wants conflicting access to a file. The client
then has an opportunity to update the file with anything it has cached
and then the client releases the delegation. Servers have the option
of granting a delegation for a file when it is OPENed.
NFSv4 OPEN with share deny is similar to the way that SMB does OPENs.
When a user OPENs a file this way, no other user or client is allowed
to access it until the user CLOSEs the file.
> I believe that NFS4 has something simular.
> These mechanism will inform the client when a file in a watched
> directory is changed.
> This is not yet supported in Linux (these methods are not triggered
> any way when setting a watch using inotify for exmple).
> There was support with dnotify
> (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/cifs/cifssmb.c#n6393).
>
> But these methods are triggered by the user and not the VFS/kernel and
> therefore cannot garantee that all files on the client
> are the same as on the server.
> This also counts for a read delegation with nfs and methods like
> leases in a client server environment.
>
> Stef
--
Chuck Lever
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list