So, as was kind of alluded to in another part of the thread, what are
you doing about permissions?Â It seems that any user/group permissions
are out the window when you have the kernel itself do the opening of the
char device, right?Â Why is that ok?Â You can pass it _any_ character
device node and away it goes?Â What if you give it a "wrong" one?Â Char
devices are very different from block devices this way.
We could condition any configfs operation on capable(CAP_NET_ADMIN) to
close that hole for now..