On Fri, 2023-05-19 at 18:21 +0100, David Howells wrote: > > Set mode 0600 on files in the cache so that cachefilesd can run as an > unprivileged user rather than leaving the files all with 0. Directories > are already set to 0700. > > Userspace then needs to set the uid and gid before issuing the "bind" > command and the cache must've been chown'd to those IDs. > > Signed-off-by: David Howells <dhowells@xxxxxxxxxx> > cc: David Howells <dhowells@xxxxxxxxxx> > cc: Jeff Layton <jlayton@xxxxxxxxxx> > cc: linux-cachefs@xxxxxxxxxx > cc: linux-erofs@xxxxxxxxxxxxxxxx > cc: linux-fsdevel@xxxxxxxxxxxxxxx > --- > fs/cachefiles/namei.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c > index 82219a8f6084..66482c193e86 100644 > --- a/fs/cachefiles/namei.c > +++ b/fs/cachefiles/namei.c > @@ -451,7 +451,8 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object) > > ret = cachefiles_inject_write_error(); > if (ret == 0) { > - file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, S_IFREG, > + file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, > + S_IFREG | 0600, > O_RDWR | O_LARGEFILE | O_DIRECT, > cache->cache_cred); > ret = PTR_ERR_OR_ZERO(file); > Seems safe enough, and if it helps allow this to run unprivileged then: Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx> -- Linux-cachefs mailing list Linux-cachefs@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/linux-cachefs