* Djalal Harouni <tixxdz@xxxxxxxxxx> wrote: > On Thu, Oct 03, 2013 at 08:22:56AM +0200, Ingo Molnar wrote: > > > > * Djalal Harouni <tixxdz@xxxxxxxxxx> wrote: > > > > > * You can't do it for /proc/*/stat otherwise you will break userspace > > > "ps"..., ps must access /proc/1/stat etc... so the proposed solution > > > will work without any side effect. > > > > The thing is, returning -EINVAL is not the only way to reject access to > > privileged information! > > > In the /proc/1/stat case a compatibility quirk can solve the problem: > > create a special 'dummy' process inode for invalid accesses and give > > it to ps, with all fields present but zero. > > Hmm, we already return zero for the fields that must be protected. > Already done. > > Not all fields need to be zero ? If so, yes it could be done as you > propose and avoid the 'if permitted' test each time... but we don't want > to do it Indeed some fields need to be available, for utilities like 'top' to work. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
