Hello, Amir is working on exposing part of fanotify functionality (fanotify is filesystem notification events framework) to unpriviledged processes (currently fanotify is restricted to CAP_SYS_ADMIN only). The initial plan is to expose the functionality already provided by inotify and then expand on that. Now there's one thing I was wondering about: Fanotify reports PID of the process that caused the filesystem event (open, read, write, ...) together with the event. Is this information safe to be exposed to unpriviledged process as well? I'd say PID of a process doing IO is not very sensitive information but OTOH I don't know of a way how it could be obtained currently by an unpriviledged user so maybe it could be misused in some way. Any opinions on that? Thanks for ideas. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
