Hello Andy,

Andy Whitcroft:
> As the code is specifically different for the read on a directory
> case, I assume there is some specific reason for this but I am
> struggling to understand it in order to work out if you intend to
> prevent the above use case.

I hope these descriptions are the answer for you.

(from aufs manual)
----------------------------------------
.SH Incompatible with an Ordinary Filesystem
        :::
The test for permission bits has two cases. One is for a directory,
and the other is for a non-directory. In the case of a directory, aufs
checks the permission bits of all existing directories. It means you
need the correct privilege for the directories including the lower
branches.
The test for a non-directory is simpler. It checks only the
topmost inode.
        :::
----------------------------------------

(from linux/Documentation/filesystems/aufs/design/99plan.txt)
----------------------------------------

Restoring some features which were implemented in aufs1.
They were dropped in aufs2 in order to make source files simpler and
easier to be reviewed.


Test Only the Highest One for the Directory Permission (dirperm1 option)
----------------------------------------------------------------------
Let's try a case study.
- aufs has two branches, upper readwrite and lower readonly.
  /au = /rw + /ro
- "dirA" exists under /ro, but not under /rw, and its mode is 0700.
- user invoked "chmod a+rx /au/dirA"
- then "dirA" becomes world readable?

In this case, /ro/dirA is still 0700 since it exists in readonly branch,
or it may be a natively readonly filesystem. If aufs respects the lower
branch, it should not respond to readdir requests from other users. But
the user allowed it by chmod. Should aufs really reject showing the
entries under /ro/dirA?

To be honest, I don't have a best solution for this case. So I
implemented 'dirperm1' and 'nodirperm1' option in aufs1, and leave it to
users.
When dirperm1 is specified, aufs checks only the highest one for the
directory permission, and shows the entries. Otherwise, as usual, checks
every dir existing on all branches and rejects the request.

As a side effect, the dirperm1 option improves the performance of aufs
because the number of permission checks is reduced.
        :::
----------------------------------------


J. R. Okajima
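
A small C model of the permission test described in the quoted manual and design note, added here as an illustration and not taken from the aufs source or from this message. The struct and function names are hypothetical, and the case-study data assumes the chmod left a 0755 dirA on /rw while /ro/dirA stays 0700.

```c
/* Simplified model of the permission test described above; not aufs source.
 * All names here are hypothetical. No ACLs, capabilities or root override. */
#include <stdio.h>
#include <sys/types.h>
#define MAY_READ 4

struct br_inode {            /* one branch's copy of the same path */
    int present, is_dir;     /* present == 0: branch has no such entry */
    mode_t mode; uid_t uid; gid_t gid;
};

/* Classic owner/group/other mode-bit test against a single inode. */
static int mode_allows(const struct br_inode *i, uid_t uid, gid_t gid, int mask)
{
    mode_t bits = i->mode;
    if (uid == i->uid) bits >>= 6;
    else if (gid == i->gid) bits >>= 3;
    return ((int)(bits & 7) & mask) == mask;
}

/* br[0] is the topmost branch. Returns 1 when access is granted. */
int au_model_permission(const struct br_inode *br, int nbr,
                        uid_t uid, gid_t gid, int mask, int dirperm1)
{
    int found = 0;
    for (int k = 0; k < nbr; k++) {
        if (!br[k].present) continue;
        found = 1;
        if (!mode_allows(&br[k], uid, gid, mask)) return 0;
        if (!br[k].is_dir || dirperm1) break;  /* only the topmost inode counts */
    }
    return found;
}

/* Constructed case study: /au = /rw + /ro, after "chmod a+rx /au/dirA".
 * Assumes the chmod left a 0755 dirA on /rw while /ro/dirA stays 0700. */
int case_study_readdir(uid_t uid, int dirperm1)
{
    const struct br_inode dirA[2] = {
        { 1, 1, 0755, 1000, 1000 },   /* /rw/dirA */
        { 1, 1, 0700, 1000, 1000 },   /* /ro/dirA */
    };
    return au_model_permission(dirA, 2, uid, uid, MAY_READ, dirperm1);
}

int main(void)
{
    printf("other user: nodirperm1=%d dirperm1=%d\n",
           case_study_readdir(1001, 0), case_study_readdir(1001, 1));
    return 0;
}
```

With dirperm1 the 0700 mode on the lower branch no longer limits who can list the merged directory, so the upper branch's mode becomes the only gate.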
