Well, I think its a bit too dangerous to give snapshotting power to the user in this case. The snapshots are managed on a per-PFS basis so the user would be able to interfere with whatever root intended on doing with the capability.
-Matt On Sat, Sep 26, 2015 at 7:06 AM, Vasily Postnicov <shamaz.ma...@gmail.com> wrote: > Hello. I have noticed, that some ioctls, like HAMMERIOC_GETHISTORY or > HAMMERIOC_GET_INFO can be made by any user, and there are some like > HAMMERIOC_ADD_SNAPSHOT, which only root can do. I find this somewhat > "unfair", because why a user cannot, for example, make a snapshot of his > own home directory, if there is a PFS mounted to that directory? I think > something like zfs allow/unallow is needed here. Any ideas how I can > implement this? > > Maybe I should add a new record type to vfs/hammer/hammer_disk.h, say > HAMMER_RECTYPE_PERM, and use it in the similar way to > HAMMER_RECTYPE_CONFIG, like writing functions similar to > hammer_ioc_get/set_config? So when a user calls ioctl() it will be like > this in the kernel space: > > 1) Start a new transactions and initialize a cursor. > 2) setup the cursor. Set cursor.key_beg.rec_type = HAMMER_RECTYPE_PERM; > 3) do hammer_btree_lookup(&cursor); > 4) If lookup succeeded, extract permission info and act accordingly to it. > > So what you think? Will it work? Maybe I need to cache the results somehow > and do not call hammer_btree_lookup() each time ioctl is called? Or it is > already done automatically? >
