Stephen Smalley <[email protected]> wrote:
> > You start the cache by mounting it:
> >
> > mount -t cachefs /dev/hdx9 /cachefs
> >
> > Then it's online. However, you might want to check that whoever's calling
> > mount has permission to bring a cache online...
>
> Hmmm...that raises a separate issue - how does SELinux label cachefs
> inodes? Does cachefs support xattrs? Other option is to use a mount
> context (mount -o context=...) to apply a single context to all inodes
> within it.
There are only two inodes publically available through cachefs - the root dir
and a file of statistics - and they're both read only. Everything else, for
the moment, is strictly internal and unavailable to userspace. In fact, there
may not be any other inodes.
> Where exactly is the cachefs code available?
It'll need a little bit of work to make it compilable again; but I can probably
get you a copy on Monday. I've been concentrating on CacheFiles.
> I'm also unclear on where you establish the binding between the files
> being cached and the cache. What specifies that e.g. a given NFS mount
> should be backed to a given cache? We need to be able to control that
> relationship too, to establish that the cache is being protected
> adequately for the source data.
Yes. I haven't worked that one out yet. Currently it's not a problem as only
CacheFiles is available at the moment, and that currently only supports one
cache.
But I have an idea that I need to work on to make it possible to associate
directories and files with caches (or other useful parameters).
> > (1) Permission to bring a cache online or to take a cache offline.
>
> At present, this will show up as the usual checking on mount (security
> hooks in do_mount and vfs_kern_mount) and on umount (security hook in
> do_umount) by SELinux. I'm not sure whether you need anything specific
> to the cache.
That doesn't apply to CacheFiles, but okay; we can always add it later if we
decide we want it.
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]