On Thu, Oct 03, 2013 at 08:12:44AM +0200, Ingo Molnar wrote:
> So please first get consensus on this fundamental design question before
> spreading your solution to more areas.

Check file_ns_capable() added in commit 935d8aabd4331 by Linus
  Add file_ns_capable() helper function for open-time capability checking

commit 6708075f104c3c9b0 by Eric,
  userns: Don't let unprivileged users trick privileged users into
  setting the id_map

So they add file_ns_capable() to inspect file->f_cred during ->write()

The difference between the function I've added, proc_allow_access(), and
file_ns_capable() is that proc_allow_access() will check if it's
absolutely the same user, otherwise fall back to security_capable(), which
is the heart of file_ns_capable()

So it's already been done and proposed! This is an easy solution to detect
if current's cred have changed.

> Thanks,
>
> 	Ingo

-- 
Djalal Harouni
http://opendz.org
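
An added illustration, not part of the original message and not kernel code: a userspace C model of why a write-time permission check looks at the opener's credentials (file->f_cred) as well as the writer's. The struct and function names, the single "capable" flag, the choice to require both checks, and the sample subjects are all assumptions made for this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; none of these names are kernel APIs. */
struct cred   { unsigned uid; bool capable; };   /* capable: holds the needed capability */
struct file   { const struct cred *f_cred; };    /* opener's cred, pinned at open() time */
struct target { unsigned owner_uid; };           /* object the file refers to */

/* Same user passes outright; otherwise fall back to the capability check. */
static bool cred_may_access(const struct cred *c, const struct target *t)
{
    return c->uid == t->owner_uid || c->capable;
}

/* Write-time check that looks only at the task calling write(). */
static bool write_check_current_only(const struct cred *writer,
                                     const struct file *f, const struct target *t)
{
    (void)f;                                     /* opener is ignored: the weak variant */
    return cred_may_access(writer, t);
}

/* Write-time check that also requires the opener to have been allowed. */
static bool write_check_with_opener(const struct cred *writer,
                                    const struct file *f, const struct target *t)
{
    return cred_may_access(f->f_cred, t) && cred_may_access(writer, t);
}

/* Constructed sample subjects and objects. */
static const struct cred   user = { 1000, false };
static const struct cred   root = { 0, true };
static const struct target root_owned = { 0 };
static const struct target user_owned = { 1000 };
static const struct file   opened_by_user = { &user }; /* fd later handed to a privileged writer */
static const struct file   opened_by_root = { &root };

int main(void)
{
    /* Privileged task writes through a descriptor an unprivileged user opened. */
    printf("current only: %d\n", write_check_current_only(&root, &opened_by_user, &root_owned));
    printf("with opener : %d\n", write_check_with_opener(&root, &opened_by_user, &root_owned));
    /* Legitimate cases still pass. */
    printf("root/root   : %d\n", write_check_with_opener(&root, &opened_by_root, &root_owned));
    printf("user/own    : %d\n", write_check_with_opener(&user, &opened_by_user, &user_owned));
    return 0;
}
```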