On Wed, 12 Jul 2023 at 02:56, Christian Brauner <brauner@xxxxxxxxxx> wrote: > > Changing the mode of symlinks is meaningless as the vfs doesn't take the > mode of a symlink into account during path lookup permission checking. Hmm. I have this dim memory that we actually used to do that as an extension at one point for the symlinks in /proc. Long long ago. Or maybe it was just a potential plan. Because at least in /proc, the symlinks *do* have protection semantics (ie you can't do readlink() on them or follow them without the right permissions. That said, blocking the mode setting sounds fine, because the proc permissions are basically done separately. However: > if ((ia_valid & ATTR_MODE)) { > + if (S_ISLNK(inode->i_mode)) > + return -EOPNOTSUPP; > + > umode_t amode = attr->ia_mode; The above is not ok. It might compile these days because we have to allow statements before declarations for other reasons, but that doesn't make it ok. Linus