On Mon, Jul 04, 2016 at 11:11:00AM +0200, Jan Kara wrote: > On Sat 02-07-16 12:33:29, Eric W. Biederman wrote: > > In Q_XSETQLIMIT use sb->s_user_ns to detect when we are dealing with > > the filesystems notion of id 0. > > Hum, is it really usable? Basically the tool calling Q_XSETQLIMIT would > have to be aware of the namespace the filesystem is mounted in to be able > to perform the desired operation (and if it gets is wrong, there's > possibility it would just silently set the timers for some user instead of > for all users). Generally userspace does not need to be aware of the namespace. The user id passed from userspace is translated based on its namespace, and if that kqid doesn't map into s_user_ns the Q_XSETQLIM operation fails. But it requires going to some trouble and having CAP_SYS_ADMIN towards the relevant namespaces to give processes not in s_user_ns visibility to the mount, so that isn't going to be a common scenario. If some user does set up such a scenario then it doesn't seem to be asking too much for them to be aware of the limitations. Thanks, Seth -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html