Jan,

These patches try to implement a minimal set and least controversial
functionality that we can allow for unprivileged users as a starting
point.

The patches were tested on top of v5.12-rc1 and the fanotify_merge
patches using the unprivileged listener LTP tests written by Matthew
and other LTP tests I wrote to test the sysfs tunable limits [1].

Thanks,
Amir.

Changes since v1:
- Dropped marks per group limit in favor of max per user
- Rename sysfs files from 'listener' to 'group' terminology
- Dropped internal group flag FANOTIFY_UNPRIV
- Limit unprivileged listener to FAN_REPORT_FID family
- Report event->pid depending on reader capabilities

[1] https://github.com/amir73il/ltp/commits/fanotify_unpriv

Amir Goldstein (2):
  fanotify: configurable limits via sysfs
  fanotify: support limited functionality for unprivileged users

 fs/notify/fanotify/fanotify.c      |  16 ++-
 fs/notify/fanotify/fanotify_user.c | 152 ++++++++++++++++++++++++-----
 fs/notify/fdinfo.c                 |   3 +-
 fs/notify/group.c                  |   1 -
 fs/notify/mark.c                   |   4 -
 include/linux/fanotify.h           |  36 ++++++-
 include/linux/fsnotify_backend.h   |   6 +-
 include/linux/sched/user.h         |   3 -
 include/linux/user_namespace.h     |   4 +
 kernel/sysctl.c                    |  12 ++-
 kernel/ucount.c                    |   4 +
 11 files changed, 194 insertions(+), 47 deletions(-)

--
2.30.0