| From: |
| Amir Goldstein <amir73il-AT-gmail.com> |
| To: |
| Jan Kara <jack-AT-suse.cz> |
| Subject: |
| [RFC][PATCH 0/2] unprivileged fanotify listener |
| Date: |
| Sun, 24 Jan 2021 20:42:02 +0200 |
| Message-ID: |
| <20210124184204.899729-1-amir73il@gmail.com> |
| Cc: |
| Matthew Bobrowski <mbobrowski-AT-mbobrowski.org>, linux-fsdevel-AT-vger.kernel.org, linux-api-AT-vger.kernel.org |
| Archive-link: |
| Article |
Jan,
These patches try to implement the minimal set and least controversial
functionality that we can allow for unprivileged users as a starting
point.
I tried to be as conservative as I can with the system limits, but
I wasn't sure how to handle the per group marks limit, so I left both
per group and per user limits which looks quite confusing.
I tested unprivileged listener with Matthew's LTP tests [1].
I do not have test for the sysfs tunables yet, but I verified that
existing LTP tests fail when lowering each of the tunables to 1 and
pass after setting them back up.
I think that the sysfs tunables can be considered even without the
unprivileged listener.
Thanks,
Amir.
[1] https://github.com/amir73il/ltp/commits/fanotify_unpriv
Amir Goldstein (2):
fanotify: configurable limits via sysfs
fanotify: support limited functionality for unprivileged users
fs/notify/fanotify/fanotify.c | 14 ++-
fs/notify/fanotify/fanotify_user.c | 155 +++++++++++++++++++++++++----
fs/notify/fdinfo.c | 3 +-
include/linux/fanotify.h | 19 ++++
include/linux/fsnotify_backend.h | 2 +-
include/linux/sched/user.h | 3 -
include/linux/user_namespace.h | 4 +
kernel/sysctl.c | 12 ++-
kernel/ucount.c | 4 +
9 files changed, 183 insertions(+), 33 deletions(-)
--
2.25.1
