RE: [PATCH v5 0/3] implement OA2_CRED_INHERIT flag for openat2()

From: David Laight
Date: Mon May 06 2024 - 15:35:18 EST


...
> So I want a way to give *an entire container* access to a directory.
> Classic UNIX DAC is just *wrong* for this use case. Maybe idmaps
> could learn a way to squash multiple ids down to one. Or maybe
> something like my silly credential-capturing mount proposal could
> work. But the status quo is not actually amazing IMO.

Isn't that what gids are for :-)

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)