On Tue, Mar 12, 2019 at 08:26:33PM +0800, Peter Xu wrote: > On Tue, Mar 12, 2019 at 08:58:30AM +0200, Mike Rapoport wrote: > > [...] > > > > +config USERFAULTFD_UNPRIVILEGED_DEFAULT > > > + string "Default behavior for unprivileged userfault syscalls" > > > + depends on USERFAULTFD > > > + default "disabled" > > > + help > > > + Set this to "enabled" to allow userfaultfd syscalls from > > > + unprivileged users. Set this to "disabled" to forbid > > > + userfaultfd syscalls from unprivileged users. Set this to > > > + "kvm" to forbid unpriviledged users but still allow users > > > + who had enough permission to open /dev/kvm. > > > > I'd phrase it a bit differently: > > > > This option controls privilege level required to execute userfaultfd > ^ > +---- add " the default"? > > > system call. > > > > Set this to "enabled" to allow userfaultfd system call from unprivileged > > users. > > Set this to "disabled" to allow userfaultfd system call only for users who > > have ptrace capability. > > Set this to "kvm" to restrict userfaultfd system call usage to users with > ^ > add " who have ptrace capability, or" -------+ > > > permissions to open "/dev/kvm". > > I think your version is better than mine, but I'd like to confirm > about above two extra changes before I squash them into the patch. :) I like your changes. > Thanks! > > -- > Peter Xu > -- Sincerely yours, Mike.
