On Fri, Oct 4, 2013 at 3:59 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > > I'd really like a solution where there are no read or write > implementations in the entire kernel that check permissions. Failing > that, just getting it for procfs would be nice. (uid_map, etc will > probably need to be revoked on unshare for this to work.) By "check permissions" I mean using anything but f_cred. uid_map won't need any form of revoke, though -- the stuct file already points at a particular target ns. I wonder why the CAP_SYS_ADMIN check is in map_write instead of open, though. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
