On Sat, Apr 27, 2024 at 1:24 PM Stas Sergeev <stsp2@xxxxxxxxx> wrote: > This patch-set implements the OA2_CRED_INHERIT flag for openat2() syscall. > It is needed to perform an open operation with the creds that were in > effect when the dir_fd was opened, if the dir was opened with O_CRED_ALLOW > flag. This allows the process to pre-open some dirs and switch eUID > (and other UIDs/GIDs) to the less-privileged user, while still retaining > the possibility to open/create files within the pre-opened directory set. As Andy Lutomirski mentioned before, Linux already has Landlock (https://docs.kernel.org/userspace-api/landlock.html) for unprivileged filesystem sandboxing. What benefits does OA2_CRED_INHERIT have compared to Landlock?
