[RFC][PATCH 0/2] unprivileged fanotify listener

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jan,

These patches try to implement the minimal set and least controversial
functionality that we can allow for unprivileged users as a starting
point.

I tried to be as conservative as I can with the system limits, but
I wasn't sure how to handle the per group marks limit, so I left both
per group and per user limits which looks quite confusing.

I tested unprivileged listener with Matthew's LTP tests [1].
I do not have test for the sysfs tunables yet, but I verified that
existing LTP tests fail when lowering each of the tunables to 1 and
pass after setting them back up.

I think that the sysfs tunables can be considered even without the
unprivileged listener.

Thanks,
Amir.

[1] https://github.com/amir73il/ltp/commits/fanotify_unpriv

Amir Goldstein (2):
  fanotify: configurable limits via sysfs
  fanotify: support limited functionality for unprivileged users

 fs/notify/fanotify/fanotify.c      |  14 ++-
 fs/notify/fanotify/fanotify_user.c | 155 +++++++++++++++++++++++++----
 fs/notify/fdinfo.c                 |   3 +-
 include/linux/fanotify.h           |  19 ++++
 include/linux/fsnotify_backend.h   |   2 +-
 include/linux/sched/user.h         |   3 -
 include/linux/user_namespace.h     |   4 +
 kernel/sysctl.c                    |  12 ++-
 kernel/ucount.c                    |   4 +
 9 files changed, 183 insertions(+), 33 deletions(-)

-- 
2.25.1




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux