Seems *really* weird that every time you send this, patch 6 doesn't seem to reach me in any of my mailboxes... (did get it from the url you listed) I'm sorry if I miss where you explicitly state this, but is it safe to assume, as perusing the patches suggests, that 1. tsk->sec never changes other than in task_alloc_security()? 2. tsk->act_as is only ever dereferenced from (a) current-> except (b) in do_coredump? (thereby carefully avoiding locking issues) I'd still lik...

Add read context retention so that FS-Cache can call back into NFS when a read operation on the cache fails EIO rather than reading data. This permits NFS to then fetch the data from the server instead using the appropriate security context. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/fscache-index.c | 26 ++++++++++++++++++++++++++ 1 files changed, 26 insertions(+), 0 deletions(-) diff --git a/fs/nfs/fscache-index.c b/fs/nfs/fscache-index.c index eec8e7e..af9f06...

Add an address space operation to write one single page of data to an inode at a page-aligned location (thus permitting the implementation to be highly optimised). The data source is a single page. This is used by CacheFiles to store the contents of netfs pages into their backing file pages. Supply a generic implementation for this that uses the write_begin() and write_end() address_space operations to bind a copy directly into the page cache. Hook the Ext2 and Ext3 operations to the generic ...

Store pages from an NFS inode into the cache data storage object associated with that inode. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/fscache.c | 26 ++++++++++++++++++++++++++ fs/nfs/fscache.h | 16 ++++++++++++++++ fs/nfs/read.c | 5 +++++ 3 files changed, 47 insertions(+), 0 deletions(-) diff --git a/fs/nfs/fscache.c b/fs/nfs/fscache.c index 438cc9b..50ae70f 100644 --- a/fs/nfs/fscache.c +++ b/fs/nfs/fscache.c @@ -456,3 +456,29 @@ int __nfs_readpa...

Add NFS mount options to allow the local caching support to be enabled. The attached patch makes it possible for the NFS filesystem to be told to make use of the network filesystem local caching service (FS-Cache). To be able to use this, a recent nfsutils package is required. There are three variant NFS mount options that can be added to a mount command to control caching for a mount. Only the last one specified takes effect: (*) Adding "fsc" will request caching. (*) Adding "fsc=<st...

Recruit a couple of page flags to aid in cache management. The following extra flags are defined: (1) PG_fscache (PG_private_2) The marked page is backed by a local cache and is pinning resources in the cache driver. (2) PG_fscache_write (PG_owner_priv_2) The marked page is being written to the local cache. The page may not be modified whilst this is in progress. If PG_fscache is set, then things that checked for PG_private will now also check for that. This inclu...

nfs_readpage_async() needs to be non-static so that it can be used as a fallback for the local on-disk caching should an EIO crop up when reading the cache. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/read.c | 4 ++-- include/linux/nfs_fs.h | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/nfs/read.c b/fs/nfs/read.c index 3d7d963..725a5a2 100644 --- a/fs/nfs/read.c +++ b/fs/nfs/read.c @@ -114,8 +114,8 @@ static void nfs_readp...

Add a function to install a monitor on the page lock waitqueue for a particular page, thus allowing the page being unlocked to be detected. This is used by CacheFiles to detect read completion on a page in the backing filesystem so that it can then copy the data to the waiting netfs page. Signed-off-by: David Howells <dhowells@redhat.com> --- include/linux/pagemap.h | 5 +++++ mm/filemap.c | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 0 deletions(-) di...

Change all the usages of file->f_mapping in ext3_*write_end() functions to use the mapping argument directly. This has two consequences: (*) Consistency. Without this patch sometimes one is used and sometimes the other is. (*) A NULL file pointer can be passed. This feature is then made use of by the generic hook in the next patch, which is used by CacheFiles to write pages to a file without setting up a file struct. Signed-off-by: David Howells <dhowells@redhat.com&gt...

Add a keyctl() function to get the security label of a key. The following is added to Documentation/keys.txt: (*) Get the LSM security context attached to a key. long keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer, size_t buflen) This function returns a string that represents the LSM security context attached to a key in the buffer provided. Unless there's an error, it always returns the amount of data it could produce, even if that's too big for the...

Bind data storage objects in the local cache to NFS inodes. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/fscache.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/nfs/fscache.h | 19 +++++++ fs/nfs/inode.c | 39 ++++++++++++-- include/linux/nfs_fs.h | 10 ++++ 4 files changed, 193 insertions(+), 6 deletions(-) diff --git a/fs/nfs/fscache.c b/fs/nfs/fscache.c index cbd09f0..c0e0320 100644 --- a/fs/nfs/fscache.c +++ b/fs/nfs/fsca...

Add a 'kernel_service' object class to SELinux and give this object class two access vectors: 'use_as_override' and 'create_files_as'. The first vector is used to grant a process the right to nominate an alternate process security ID for the kernel to use as an override for the SELinux subjective security when accessing stuff on behalf of another process. For example, CacheFiles when accessing the cache on behalf on a process accessing an NFS file needs to use a subjective security ID appropriate ...

Define and create inode-level cache data storage objects (as managed by nfs_inode structs). Each inode-level object is created in a superblock-level index object and is itself a data storage object into which pages from the inode are stored. The inode object key is the NFS file handle for the inode. The inode object is given coherency data to carry in the auxiliary data permitted by the cache. This is a sequence made up of: (1) i_mtime from the NFS inode. (2) i_ctime from the NFS inode....

Permit local filesystem caching to be enabled for NFS in the kernel configuration. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/Kconfig | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) diff --git a/fs/Kconfig b/fs/Kconfig index c42ec50..fa8e978 100644 --- a/fs/Kconfig +++ b/fs/Kconfig @@ -1644,6 +1644,14 @@ config NFS_V4 If unsure, say N. +config NFS_FSCACHE + bool "Provide NFS client caching support (EXPERIMENTAL)" + depends on EXPERIMENT...

Check the starting keyring as part of the search to (a) see if that is what we're searching for, and (b) to check it is still valid for searching. The scenario: User in process A does things that cause things to be created in its process session keyring. The user then does an su to another user and starts a new process, B. The two processes now share the same process session keyring. Process B does an NFS access which results in an upcall to gssd. When gssd attempts to instantiate the context ...

Change current->fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be separated from the task_struct. Signed-off-by: David Howells <dhowells@redhat.com> --- arch/ia64/kernel/perfmon.c | 4 ++-- arch/powerpc/platforms/cell/spufs/inode.c | 4 ++-- drivers/isdn/capi/capifs.c | 4 ++-- drivers/usb/core/inode.c | 4 ++-- fs/9p/fid.c | 2 +- fs/9p/vfs_inode.c | 4 ++...

Register NFS for caching and retrieve the top-level cache index object cookie. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/Makefile | 1 + fs/nfs/fscache-index.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/nfs/fscache.h | 35 ++++++++++++++++++++++++++++++++ fs/nfs/inode.c | 8 +++++++ 4 files changed, 97 insertions(+), 0 deletions(-) create mode 100644 fs/nfs/fscache-index.c create mode 100644 fs/nfs/fscache.h diff --...

Make NFSD work with detached security, using the patches that excise the security information from task_struct to struct task_security as a base. Each time NFSD wants a new security descriptor (to do NFS4 recovery or just to do NFS operations), a task_security record is derived from NFSD's *objective* security, modified and then applied as the *subjective* security. This means (a) the changes are not visible to anyone looking at NFSD through /proc, (b) there is no leakage between two consecutive op...

Here's my take on the matter. The propagation tree can be either be represented 1) "from root to leaf" listing members of peer groups and their slaves explicitly, 2) or "from leaf to root" by identifying each peer group and then for each mount showing the id of its own group and the id of the group's master. 2) can have two variants: 2a) id of peer group is constant in time 2b) id of peer group may change The current patch does 2b). Having a fixed id for each peer group wo...

Why do those last two questions deserve an answer? How will a person's or application's behaviour be affected by whether a change will propagate to something they don't know about and can't see? -- Intel are signing my paycheques ... these opinions are still mine "Bill, look, we understand that you're interested in selling us this operating system, but compare it to ours. We can't possibly take such a retrograde step." -

Well, assuming you see only one namespace. When I'm experimenting with namespaces and propagations, I see both (each in a separate xterm) and I do want to know how propagation between them happens. Your suggestion doesn't deal with that problem. Otherwise, yes it makes sense to have a consistent view of the tree shown for each namespace. Perhaps the solution is to restrict viewing the whole tree to privileged processes. Miklos -

A plenty. E.g. if foo trusts control over /var/blah to bar, it's not obvious that foo has any business knowing if bar gets it from somebody else in turn. And I'm not sure that bar has any business knowing that foo has the damn thing attached in five places instead of just one, let alone _where_ it has been attached. If you get down to it, the thing is about delegating control over part of namespace to somebody, without letting them control, see, etc. the rest of it. So I'd rather be very conse...

Hmm, looks like selinux is not showing it's mount options in /proc/mounts. Well, actually there's no infrastructure for it either. Here's a template patch (completely untested). Selinux guys, please fill in the details and submit, thanks. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Index: linux/fs/namespace.c =================================================================== --- linux.orig/fs/namespace.c 2008-02-20 10:51:11.000000000 +0100 +++ linux/fs/namespace.c 2008-02-20 10:...

It was. I already knew about this issue and its 'on my list.' Although I guess we need a something ?new LSM hook? which will translate the sb_get_mnt_opts stuff into a single text string. Or I guess really that can be done in you sb_show_options and I can just use sb_get_mnt_opts under the covers. Anyway, unrelated issue that will get fixed as soon as this real BUG() is fixed. -Eric -

And to be clear: this patch fixes a real bug in the nfs/selinux interaction on nohide mounts, a bug that needs to be fixed upstream as soon as possible. A bug that was introduced by changes in nfs, not changes in selinux AFAIK, given that the original approach to context mounts was introduced and approved by nfs folks long ago. So regardless of what happens wrt the text mount options, this patch needs to get merged. -- Stephen Smalley National Security Agency -