RE: [PATCH v5 0/3] implement OA2_CRED_INHERIT flag for openat2()

From: David Laight
Date: Mon May 06 2024 - 15:35:18 EST

Next message: Andrew Lunn: "Re: [PATCH v3 3/3] net: phy: bcm-phy-lib: Implement BroadR-Reach link modes"
Previous message: David Laight: "RE: [PATCH v3] selftests/vDSO: Explicit unsigned char conversion for elf_hash"
In reply to: Andy Lutomirski: "Re: [PATCH v5 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Next in thread: Andy Lutomirski: "Re: [PATCH v5 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

...
> So I want a way to give *an entire container* access to a directory.
> Classic UNIX DAC is just *wrong* for this use case. Maybe idmaps
> could learn a way to squash multiple ids down to one. Or maybe
> something like my silly credential-capturing mount proposal could
> work. But the status quo is not actually amazing IMO.

Isn't that what gids are for :-)

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Next message: Andrew Lunn: "Re: [PATCH v3 3/3] net: phy: bcm-phy-lib: Implement BroadR-Reach link modes"
Previous message: David Laight: "RE: [PATCH v3] selftests/vDSO: Explicit unsigned char conversion for elf_hash"
In reply to: Andy Lutomirski: "Re: [PATCH v5 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Next in thread: Andy Lutomirski: "Re: [PATCH v5 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]