On Fri, 29 Nov 2024 at 11:23, Amir Goldstein <amir73il@xxxxxxxxx> wrote: > Currently, watching a sb/mount requires capable(SYS_ADMIN), > but I have a pretty simple patchset [1] to require ns_capable(SYS_ADMIN). > Thing is, I never got feedback from userspace that this is needed [2]. > Seeing that statmount/listmount() requires at most ns_capable(SYS_ADMIN), > I am guessing that you would also want mount monitor to require > at most ns_capable(SYS_ADMIN) rather than capable(SYS_ADMIN)? Yes, allowing this to work in a userns makes sense. > Option #1: do not allow setting FAN_MNT_ events on inode marks (for now) > Option #2: apply the same requirement for sb mark from fanotify_userns patch > to inode mark on group with FAN_REPORT_MNTID. Let's go with #1, as that gives the simplest interface. We can extend that later if needed. Thanks, Miklos
