On Thu, Mar 02, 2023 at 06:41:47PM +0100, Michal Hocko wrote:
> On Thu 02-03-23 08:13:54, Suren Baghdasaryan wrote:
> [...]
> > Let's roll this check without additional changes and then consolidate
> > the checking inside psi_trigger_create() in a separate patch. If
> > anybody objects to the late permission check we will just revert that
> > last change without affecting anything else.
>
> Permissions checks at write time are problematic because userspace
> cannot drop privileges. Also I think it would be an antipattern for how
> we do this in general.

The permissions can be checked against opener privileges through
file->f_cred. This allows dropping privileges, as well as passing the
fd to a trusted but unprivileged process to delegate trigger setup.

I agree with keeping it in open() for now. But it will matter when we
distinguish between privileged and unprivileged trigger parameters.
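
The difference between the two write-time checks discussed in this message, as an added userspace model that is not code from the thread or from the kernel. All type and function names are hypothetical, and `privileged` stands in for whatever privilege the check tests.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model constructed for illustration; not kernel code. */
struct cred { bool privileged; };     /* stand-in for the privilege being checked */
struct task { struct cred cred; };    /* a process and its current credentials */
struct file { struct cred f_cred; };  /* opener's credentials, snapshotted at open() */

static struct file model_open(const struct task *opener)
{
    struct file f = { .f_cred = opener->cred };
    return f;
}

/* Variant A: write-time check against whoever calls write(). */
static int check_writer(const struct file *f, const struct task *writer)
{
    (void)f;
    return writer->cred.privileged ? 0 : -EPERM;
}

/* Variant B: write-time check against the opener through file->f_cred. */
static int check_opener(const struct file *f, const struct task *writer)
{
    (void)writer;
    return f->f_cred.privileged ? 0 : -EPERM;
}

typedef int (*check_fn)(const struct file *, const struct task *);

/* One open() followed by one write(), possibly under different credentials. */
static int scenario(check_fn check, bool opener_priv, bool writer_priv)
{
    struct task opener = { { opener_priv } };
    struct file f = model_open(&opener);
    struct task writer = { { writer_priv } };
    return check(&f, &writer);
}

int main(void)
{
    /* Covers both a privilege drop after open() and an fd handed to a helper. */
    printf("privileged opener, unprivileged writer: A=%d B=%d\n",
           scenario(check_writer, true, false), scenario(check_opener, true, false));
    /* The reverse case: the fd was opened without privilege. */
    printf("unprivileged opener, privileged writer: A=%d B=%d\n",
           scenario(check_writer, false, true), scenario(check_opener, false, true));
    return 0;
}
```

Variant B is the only one that keeps working after the opener drops privileges or delegates the fd, and it also refuses a write on an fd that was opened without privilege even when a privileged process performs the write.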