In a common setup, CIFS file access is tied to the credentials of the regular Linux user, but the local root has no access. If the local root monitors such a CIFS mount point with OPEN_PERM, dentry_open() in fs/notify/fanotify/fanotify_user.c fails with EPERM or EACCES depending on the kernel version. In effect, the whole mount point becomes inaccessible to any user.

I understand the question has intricate corner cases and security considerations, but is the common use case insurmountable? When the regular user is opening a file for reading and waiting for a permission to continue, must the file be reopened instead of being "lent" to the content checker via duping the fd?

Marko