From: Simon Wunderlich <sw@simonwunderlich.de>
To: b.a.t.m.a.n@lists.open-mesh.org
Cc: Antonio Quartulli <a@unstable.cc>
Subject: Re: [B.A.T.M.A.N.] [PATCH 3/3] alfred: Mount debugfs before reducing capabilities
Date: Fri, 29 Jan 2016 13:14:53 +0100 [thread overview]
Message-ID: <23082646.VzubcaWY7q@prime> (raw)
In-Reply-To: <1453953196-29943-3-git-send-email-andrew@lunn.ch>
[-- Attachment #1: Type: text/plain, Size: 1191 bytes --]
On Thursday 28 January 2016 04:53:15 Andrew Lunn wrote:
> The debugfs helper code has the ability to mount the debugfs file
> system if it is not already mounted. However, it cannot do this
> after the capabilities have been dropped. So perform the mount early.
>
> This is especially important when using network name spaces. Each
> namespace has its own /sys, so the mount of debugfs in the global
> namespace is not visible in other namespaces.
>
> Signed-off-by: Andrew Lunn <andrew@lunn.ch>
> ---
> main.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/main.c b/main.c
> index 452d9ae..b1c5ec5 100644
> --- a/main.c
> +++ b/main.c
> @@ -30,6 +30,7 @@
> #include <unistd.h>
> #endif
> #include "alfred.h"
> +#include "debugfs.h"
> #include "packet.h"
> #include "list.h"
>
> @@ -160,6 +161,9 @@ static struct globals *alfred_init(int argc, char
> *argv[]) {NULL, 0, NULL, 0},
> };
>
> + /* We need full capabilities to mount debugfs, so do that now */
> + debugfs_mount(NULL);
> +
> ret = reduce_capabilities();
> if (ret < 0)
> return NULL;
Can't we remove the other calls to debugfs_mount() ? I see 3 more calls in
alfred ...
Cheers,
Simon
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-01-29 12:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-28 3:53 [B.A.T.M.A.N.] [PATCH 1/3] alfred: vis: Use debugfs_make_path helper Andrew Lunn
2016-01-28 3:53 ` [B.A.T.M.A.N.] [PATCH 2/3] alfred: Add support for network namespaces Andrew Lunn
2016-01-29 12:18 ` Simon Wunderlich
2016-02-02 2:22 ` Andrew Lunn
2016-01-28 3:53 ` [B.A.T.M.A.N.] [PATCH 3/3] alfred: Mount debugfs before reducing capabilities Andrew Lunn
2016-01-29 12:14 ` Simon Wunderlich [this message]
2016-02-02 2:25 ` Andrew Lunn
2016-03-10 15:09 ` Simon Wunderlich
2016-03-10 15:49 ` Andrew Lunn
2016-03-11 13:48 ` [B.A.T.M.A.N.] [PATCH 1/3] alfred: vis: Use debugfs_make_path helper Simon Wunderlich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23082646.VzubcaWY7q@prime \
--to=sw@simonwunderlich.de \
--cc=a@unstable.cc \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.