Re: [PATCH bpf-next] selftests/bpf: don't call fsopen() as privileged user

From: Christian Brauner
Date: Wed Jul 02 2025 - 04:33:07 EST

Next message: Andreas Hindborg: "Re: [PATCH v5 04/10] rust: sync: atomic: Add generic atomics"
Previous message: Jann Horn: "[PATCH v2] x86/mm: Disable hugetlb page table sharing on 32-bit"
In reply to: patchwork-bot+netdevbpf: "Re: [PATCH bpf-next] selftests/bpf: don't call fsopen() as privileged user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 01, 2025 at 08:31:23PM +0200, Matteo Croce wrote:
> From: Matteo Croce <teknoraver@xxxxxxxx>
>
> In the BPF token example, the fsopen() syscall is called as privileged
> user. This is unneeded because fsopen() can be called also as
> unprivileged user from the user namespace.
> As the `fs_fd` file descriptor which was sent back and fort is still the
> same, keep it open instead of cloning and closing it twice via SCM_RIGHTS.
>
> cfr. https://github.com/systemd/systemd/pull/36134
>
> Signed-off-by: Matteo Croce <teknoraver@xxxxxxxx>
> ---

Thanks!
Acked-by: Christian Brauner <brauner@xxxxxxxxxx>

Next message: Andreas Hindborg: "Re: [PATCH v5 04/10] rust: sync: atomic: Add generic atomics"
Previous message: Jann Horn: "[PATCH v2] x86/mm: Disable hugetlb page table sharing on 32-bit"
In reply to: patchwork-bot+netdevbpf: "Re: [PATCH bpf-next] selftests/bpf: don't call fsopen() as privileged user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]