On Mon, Nov 30, 2015 at 02:49:59PM +0300, Konstantin Khlebnikov wrote:
> On 30.11.2015 14:30, Willy Tarreau wrote:
> >+ /* do not disclose physical addresses: attack vector */
> >+ pm.show_pfn = !cap_capable(current, file->f_cred, CAP_SYS_ADMIN,
> >SECURITY_CAP_AUDIT);
> >+
>
> At first sight this is confusing... but correct. It really returns zero
> for success, unlike the new file_ns_capable which returns bool true.

Yes, it trapped me as well, the first attempt I made only allowed non-root
to read the pagemap!

> The rest looks good too.

OK thank you.

Willy
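Review bot: in the quoted hunk, the negation on the `pm.show_pfn = !cap_capable(...)` line is easy to misread as "show PFNs when the capability is missing", because cap_capable() returns zero on success, which is the opposite of the bool that file_ns_capable returns. Both people in this thread were caught by it, so the comment above the assignment should say so explicitly, for example by adding "cap_capable() returns 0 when CAP_SYS_ADMIN is held" next to "do not disclose physical addresses". That keeps a later cleanup from dropping the `!` and giving unprivileged readers of the pagemap the physical addresses this line is meant to hide.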