Re: [MAINTAINERS SUMMIT] re-think of richACLs in AI/LLM era

ksummit.lists.linux.dev archive mirror
 help / color / mirror / Atom feed

From: Jan Kara <jack@suse.cz>
To: Coly Li <colyli@fnnas.com>
Cc: Paul Moore <paul@paul-moore.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	 Steven Rostedt <rostedt@goodmis.org>, Jan Kara <jack@suse.cz>,
	ksummit@lists.linux.dev
Subject: Re: [MAINTAINERS SUMMIT] re-think of richACLs in AI/LLM era
Date: Wed, 17 Sep 2025 09:59:09 +0200	[thread overview]
Message-ID: <3kyvpf23r3bgnuwxl2wuan64dfuahnarpzzsn2gxae3hylsva6@gcf4moh5zvol> (raw)
In-Reply-To: <s5e5xf2f4svjc6wd6rn6t2h3nxt2egrn63zqx7tfe4ch3rhuc7@vganh63433hd>

On Wed 17-09-25 01:12:48, Coly Li wrote:
> Users store they photos on the system, and the compact AI module processes all
> their photos and groups all the photos into different categories like pizza,
> dogs, cats, foods or group photos. After the process done, users may see they
> photos in different categories that the AI module thinks they should be in. Then
> users may share the categories with photos to others. If indentical categories
> shared by different users, the shared photos can be combined all together. And
> AI module may continue to process the shared photos and generate new categaries
> from the shared photos, e.g. pizza in the same city, cats and dogs in closed
> location, group photos contains the most common people, etc. Now the differet
> categories are implemented by different directories in the publicly shared
> directory.
> 
> In each category directory, photos with a category (or attribution) can be
> accessed as hard links to the original photo inodes and share the identical
> inodes. All these category directories are created by the AI module, although
> the photos are shared from each users. If a user is identified from a group
> photo, and this user is noticed that the photo is publicly shared. If this user
> doesn't want his face to be shared in public, for an optinal privacy protection
> right, this user can remove the hardlink of the photo which his or her face is
> in, that is he or she can remove the hardlink (dentry) under a publicly shared
> directory which this user doesn't have write permission. Because this user can
> be idnetified as owner of his or her face, and the photo has his face in, he or
> she should have write permission to delete the photo, but no write permission to
> other photos in same category directioy which his or her face is not in.

Well, from what you describe I'd say that the category directories should
just be AI owned rwxrwxrwt dirs (do notice the sticky bit set). This is how
/tmp/ is usually setup. This means that everybody can read the dir,
everybody can delete files but only if they are their owner, everybody can
create files - this is the part you probably don't want but *that* is
pretty easy to restrict by a LSM (practically any one can do this).

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

     prev parent reply	other threads:[~2025-09-17  7:59 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-08  8:33 Coly Li
2025-09-08 10:52 ` Jan Kara
2025-09-08 13:47   ` Coly Li
2025-09-08 15:39   ` Steven Rostedt
2025-09-08 15:42     ` Coly Li
2025-09-08 23:22       ` Randy Dunlap
2025-09-09  1:03         ` Paul Moore
2025-09-10 13:32           ` Coly Li
2025-09-10 19:11             ` Paul Moore
2025-09-16 17:12               ` Coly Li
2025-09-16 18:07                 ` Randy Dunlap
2025-09-17  7:59                 ` Jan Kara [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3kyvpf23r3bgnuwxl2wuan64dfuahnarpzzsn2gxae3hylsva6@gcf4moh5zvol \
    --to=jack@suse.cz \
    --cc=colyli@fnnas.com \
    --cc=ksummit@lists.linux.dev \
    --cc=paul@paul-moore.com \
    --cc=rdunlap@infradead.org \
    --cc=rostedt@goodmis.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox