Hi, On Mon, Aug 17, 2009 at 07:15:09PM +0300, Sergiu Ivanov wrote: > > > + mountee_node = netfs_make_node (netfs_root_node->nn); > > > + if (!mountee_node) > > > + return ENOMEM; > > > + > > > + /* Set the mountee on the new node. > > > + Note that the O_READ flag does not actually limit access to the > > > + mountee's filesystem considerably. Whenever a client looks up a > > > + node which is not a directory, unionfs will give off a port to > > > + the node itself, withouth proxying it. Proxying happens only for > > > + directory nodes. */ > > > > Why are you passing O_READ, anyways?... > > The flags which I pass to start_mountee are used in opening the port > to the root node of the mountee. (I'm sure you've noticed this; I'm > just re-stating it to avoid ambiguities). Inside unionfs, this port > is used for lookups *only*, so O_READ should be sufficient for any > internal unionfs needs. Ports to files themselves are not proxied by > unionfs (as the comment reads), so the flags passed here don't > influence that case. > > Also, unionfs itself uses O_READ when opening directory nodes, too > (well, it actually uses O_READ | O_NOTRANS, but that's unapplicable in > our case).
You don't need O_READ to do lookup, only to read the entries of a directory. If you don't read the entries you should drop the O_READ, and in unionfs itself if applicable. (Note that permission to do lookups is determined entirely by the *current* permission bits and the UIDs and GIDs the file handle has been authenticated with, unlike read and write for which permissions are checked only checked once at open.) Regards, Fredrik
