On Tue, May 06, 2025 at 11:26:30AM +0100, David Howells wrote: > Christian Brauner <brau...@kernel.org> wrote: > > > > However, the bash work around is going to be removed: > > > > Why is it removed? That's a very strange comment: > > Because it makes bash output redirection work differently to other programs, I > would guess. It's actually a simple security check to work around (just retry > the open() with O_CREAT dropped) - however, it does expose an... error, I > suppose, in the Linux kernel: namely that the VFS itself is treating foreign > files as if they had local system ownership. > > We have the ->permission() inode op for this reason (I presume) - but that > only applies to certain checks. The VFS must not assume that it can interpret > i_uid and i_gid on an inode and must not assume that it can compare them to > current->fsuid and current->fs_gid. > > Now, in my patch, I added two inode ops because they VFS code involved makes > two distinct evaluations and so I made an op for each and, as such, those > evaluations may be applicable elsewhere, but I could make a combined op that > handles that specific situation instead.
Try to make it one, please. _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
