xfs
[Top] [All Lists]

Re: [PATCH] xfs: change the immutable in xfs_open_by_handle

To: Mark Tinguely <tinguely@xxxxxxx>
Subject: Re: [PATCH] xfs: change the immutable in xfs_open_by_handle
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Wed, 11 Sep 2013 06:55:02 -0700
Cc: xfs@xxxxxxxxxxx, Greg Banks <gbanks@xxxxxxx>
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20130910184724.726933044@xxxxxxx>
References: <20130910184724.726933044@xxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)
On Tue, Sep 10, 2013 at 01:47:20PM -0500, Mark Tinguely wrote:
> This patch allows clients like DMF to modify an immutable file
> without changing the immutable capability on the file, which
> would expose the file to change.
> 
> This patch is restricted to holders of the CAP_LINUX_IMMUTABLE,
> so no addition security risk has been introduced.

The immutable flag means that the file can't be modified, and
CAP_LINUX_IMMUTABLE allows setting/removing that restriction, but not
ignoring it.

So: NAK, this is a change in semantics and long-standing behaviour.

<Prev in Thread] Current Thread [Next in Thread>