From mboxrd@z Thu Jan  1 00:00:00 1970
From: Christoph Hellwig <hch@infradead.org>
Subject: Re: [patch 5/5] VFS: allow filesystem to override mknod capability checks
Date: Fri, 21 Sep 2007 13:45:04 +0100
Message-ID: <20070921124504.GC8088@infradead.org>
References: <20070921122343.307289079@szeredi.hu> <20070921123336.095183254@szeredi.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: akpm@linux-foundation.org, hch@infradead.org,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
To: Miklos Szeredi <miklos@szeredi.hu>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from pentafluge.infradead.org ([213.146.154.40]:49411 "EHLO
	pentafluge.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752941AbXIUMpG (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Fri, 21 Sep 2007 08:45:06 -0400
Content-Disposition: inline
In-Reply-To: <20070921123336.095183254@szeredi.hu>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Fri, Sep 21, 2007 at 02:23:48PM +0200, Miklos Szeredi wrote:
> From: Miklos Szeredi <mszeredi@suse.cz>
> 
> Add a new filesystem flag, that results in the VFS not checking if the
> current process has enough privileges to do an mknod().
> 
> This is needed on filesystems, where an unprivileged user may be able
> to create a device node, without causing security problems.

A user should never be able to create devices.  And no, I don't want to
see a filesystem that implements it's own file operations for device nodes.