On 20 October 2010 12:30, <span dir="ltr"><<a href="mailto:bzzz.tomas@gmail.com">bzzz.tomas@gmail.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 10/20/10 12:24 PM, Andreas Dilger wrote:<br>
> I'm reluctant to expose the whole FID namespace to applications, since this completely bypasses all directory permissions and allows opening files only based on their inode permissions. If we require a name_to_handle() syscall to succeed first, before allowing open_by_handle() to work, then at least we know that one of the involved processes was able to do a full path traversal.<br>
<br>
</div>yes, this is a good point. can be solved if you use FID +<br>
capability/signature ?<br>
<div class="im"><br>
>> another idea was to do whole path traversal on MDS within a single RPC.<br>
>> bug that'd require amount of changes to llite and/or VFS and keep MDS<br>
>> a bottleneck.<br>
><br>
> This was discussed a long time ago, and has the potential drawback that if one of the path components is over-mounted on the client (e.g. local RAM-based tmpfs on a Lustre root filesystem) then the MDS-side path traversal would be incorrect. It could return an entry underneath the mountpoint, instead of inside it.<br>
<br>
</div>yes, and that could be solved if server returns a series of FIDs,<br>
then client could check whether any of those is over-mounted?<br></blockquote><div><br></div><div>This is what sufficiently smart nfsv4 clients are supposed to do, by the way, I believe: issue a compound RPC with a sequence of LOOKUP requests and traverse returned sequence of file-id-s locally, checking for mount points.</div>
<div><br></div><div>Nikita.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
thanks, z<br>
<div><div></div><div class="h5"><br>
_______________________________________________<br>
Lustre-devel mailing list<br>
<a href="mailto:Lustre-devel@lists.lustre.org">Lustre-devel@lists.lustre.org</a><br>
<a href="http://lists.lustre.org/mailman/listinfo/lustre-devel" target="_blank">http://lists.lustre.org/mailman/listinfo/lustre-devel</a><br>
</div></div></blockquote></div><br>