On Mon, Jun 10, 2019 at 06:16:12PM -0700, Darrick J. Wong wrote: > On Mon, Jun 10, 2019 at 08:26:06PM +0300, Amir Goldstein wrote: > > read(2) is allowed from a swapfile, so copy_file_range(2) should > > be allowed as well. > > > > Reported-by: Theodore Ts'o <tytso@xxxxxxx> > > Fixes: 96e6e8f4a68d ("vfs: add missing checks to copy_file_range") > > Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> > > --- > > > > Darrick, > > > > This fixes the generic/554 issue reported by Ted. > > Frankly I think we should go the other way -- non-root doesn't get to > copy from or read from swap files. The issue is that without this patch, *root* doesn't get to copy from swap files. Non-root shouldn't have access via Unix permissions. We could add a special case if we don't trust system administrators to be able to set the Unix permissions correctly, I suppose, but we don't do that for block devices when they are mounted.... - Ted