Jan,

These patches try to implement the minimal set and least controversial
functionality that we can allow for unprivileged users as a starting point.

I tried to be as conservative as I can with the system limits, but I wasn't
sure how to handle the per group marks limit, so I left both per group and
per user limits, which looks quite confusing.

I tested the unprivileged listener with Matthew's LTP tests [1].

I do not have a test for the sysfs tunables yet, but I verified that existing
LTP tests fail when lowering each of the tunables to 1 and pass after
setting them back up.

I think that the sysfs tunables can be considered even without the
unprivileged listener.

Thanks,
Amir.

[1] https://github.com/amir73il/ltp/commits/fanotify_unpriv

Amir Goldstein (2):
  fanotify: configurable limits via sysfs
  fanotify: support limited functionality for unprivileged users

 fs/notify/fanotify/fanotify.c      |  14 ++-
 fs/notify/fanotify/fanotify_user.c | 155 +++++++++++++++++++++++++----
 fs/notify/fdinfo.c                 |   3 +-
 include/linux/fanotify.h           |  19 ++++
 include/linux/fsnotify_backend.h   |   2 +-
 include/linux/sched/user.h         |   3 -
 include/linux/user_namespace.h     |   4 +
 kernel/sysctl.c                    |  12 ++-
 kernel/ucount.c                    |   4 +
 9 files changed, 183 insertions(+), 33 deletions(-)

-- 
2.25.1