On Fri, Oct 9, 2020 at 8:16 PM Vivek Goyal <vgoyal@xxxxxxxxxx> wrote: > > If fc->handle_killpriv_v2 is enabled, we expect file server to clear > suid/sgid/security.capbility upon chown/truncate/write as appropriate. > > Upon truncate (ATTR_SIZE), suid/sgid is cleared only if caller does > not have CAP_FSETID. File server does not know whether caller has > CAP_FSETID or not. Hence set FATTR_KILL_PRIV upon truncate to let > file server know that caller does not have CAP_FSETID and it should > kill suid/sgid as appropriate. > > We don't have to send this information for chown (ATTR_UID/ATTR_GID) > as that always clears suid/sgid irrespective of capabilities of > calling process. I'm undecided on this. Would it hurt to set it on chown? That might make the logic in some servers simpler, no? What would be the drawback of setting FATTR_KILL_PRIV for chown as well? Thanks, Miklos