Hello, On Mon, Aug 17, 2009 at 06:54:21PM +0200, Carl Fredrik Hammar wrote: > On Mon, Aug 17, 2009 at 07:15:09PM +0300, Sergiu Ivanov wrote: > > > > > + mountee_node = netfs_make_node (netfs_root_node->nn); > > > > + if (!mountee_node) > > > > + return ENOMEM; > > > > + > > > > + /* Set the mountee on the new node. > > > > + Note that the O_READ flag does not actually limit access to the > > > > + mountee's filesystem considerably. Whenever a client looks up a > > > > + node which is not a directory, unionfs will give off a port to > > > > + the node itself, withouth proxying it. Proxying happens only for > > > > + directory nodes. */ > > > > > > Why are you passing O_READ, anyways?... > > > > The flags which I pass to start_mountee are used in opening the port > > to the root node of the mountee. (I'm sure you've noticed this; I'm > > just re-stating it to avoid ambiguities). Inside unionfs, this port > > is used for lookups *only*, so O_READ should be sufficient for any > > internal unionfs needs. Ports to files themselves are not proxied by > > unionfs (as the comment reads), so the flags passed here don't > > influence that case. > > > > Also, unionfs itself uses O_READ when opening directory nodes, too > > (well, it actually uses O_READ | O_NOTRANS, but that's unapplicable in > > our case). > > You don't need O_READ to do lookup, only to read the entries of a > directory. If you don't read the entries you should drop the O_READ, > and in unionfs itself if applicable.
Ah, thanks for pointing out! :-) I forgot to mention that, of course, unionfs also uses the ports to the directories to list the contents of the directories, that's why I open the port to the root of the mountee with this flag. It seems that the operation of reading the entries of a directory in unionfs occupies such a non-important position in my mind that I'm always forgetting to mention it when it's necessary :-( > (Note that permission to do lookups is determined entirely by the > *current* permission bits and the UIDs and GIDs the file handle has > been authenticated with, unlike read and write for which permissions > are checked only checked once at open.) Yeah, sure, I'm aware of that, but thanks for reminding :-) Regards, scolobb
