Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file'sopener may access task

From: Andy Lutomirski
Date: Fri Oct 04 2013 - 19:08:51 EST

Next message: Gene Heskett: "Re: [PATCH v2 3/6] PowerCap: Added to drivers build"
Previous message: Andy Lutomirski: "Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file'sopener may access task"
In reply to: Andy Lutomirski: "Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file'sopener may access task"
Next in thread: Eric W. Biederman: "Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 4, 2013 at 3:59 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
> I'd really like a solution where there are no read or write
> implementations in the entire kernel that check permissions. Failing
> that, just getting it for procfs would be nice. (uid_map, etc will
> probably need to be revoked on unshare for this to work.)

By "check permissions" I mean using anything but f_cred.

uid_map won't need any form of revoke, though -- the stuct file
already points at a particular target ns. I wonder why the
CAP_SYS_ADMIN check is in map_write instead of open, though.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Gene Heskett: "Re: [PATCH v2 3/6] PowerCap: Added to drivers build"
Previous message: Andy Lutomirski: "Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file'sopener may access task"
In reply to: Andy Lutomirski: "Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file'sopener may access task"
Next in thread: Eric W. Biederman: "Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]