Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file'sopener may access task
From: Andy Lutomirski
Date: Fri Oct 04 2013 - 19:08:51 EST
On Fri, Oct 4, 2013 at 3:59 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
> I'd really like a solution where there are no read or write
> implementations in the entire kernel that check permissions. Failing
> that, just getting it for procfs would be nice. (uid_map, etc will
> probably need to be revoked on unshare for this to work.)
By "check permissions" I mean using anything but f_cred.
uid_map won't need any form of revoke, though -- the stuct file
already points at a particular target ns. I wonder why the
CAP_SYS_ADMIN check is in map_write instead of open, though.
--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/