On 2017-08-23 17:13, Ulli Horlacher wrote:
> On Wed 2017-08-23 (12:42), Peter Grandi wrote:
>>> So, still: What is the problem with user_subvol_rm_allowed?
>> As usual, it is complicated: mostly that while subvol creation
>> is very cheap, subvol deletion can be very expensive. But then
>> so can be creating many snapshots, as in this:
> But it seems one cannot prohibit a user making snapshots?
> Then root must delete them?

That is correct. This is one of the big outstanding issues with BTRFS
being practical for enterprise usage, because it means anyone with basic
shell access and either the ability to run arbitrary byte code or access
to execute /sbin/btrfs can exhaust system resources with no effort
whatsoever. Taken together with how subvolume creation interacts with
qgroups, it also means that qgroups are useless in the same situation
because it's trivial to escape them.