On 12/4/23 11:40 AM, Jeff Moyer wrote: > Finally, as Jens mentioned, I would expect dropping priviliges to, you > know, drop privileges. I don't think a commit message is going to be > enough documentation for a change like this. Only thing I can think of here is to cache the state in task->io_uring->something, and then ensure those are invalidated whenever caps change. It's one of those cases where that's probably only done once, but we do need to be able to catch it. Not convinced that caching it at ring creation is sane enough, even if it is kind of like opening devices before privs are dropped where you could not otherwise re-open them later on. -- Jens Axboe
