On Wed, Jun 09, 2021 at 11:11:17AM +0200, Paolo Bonzini wrote: > On 09/06/21 10:51, Enrico Weigelt, metux IT consult wrote: > > On 08.06.21 21:00, Jason Gunthorpe wrote: > > > > > Eg I can do open() on a file and I get to keep that FD. I get to keep > > > that FD even if someone later does chmod() on that file so I can't > > > open it again. > > > > > > There are lots of examples where a one time access control check > > > provides continuing access to a resource. I feel the ongoing proof is > > > the rarity in Unix.. 'revoke' is an uncommon concept in Unix.. > > > > Yes, it's even possible that somebody w/ privileges opens an fd and > > hands it over to somebody unprivileged (eg. via unix socket). This is > > a very basic unix concept. If some (already opened) fd now suddenly > > behaves differently based on the current caller, that would be a break > > with traditional unix semantics. > > That's already more or less meaningless for both KVM and VFIO, since they > are tied to an mm. vfio isn't supposed to be tied to a mm. Jason
