From: Amir Goldstein <amir73il@gmail.com>
To: Jan Kara <jack@suse.cz>
Cc: Matthew Bobrowski <mbobrowski@mbobrowski.org>,
linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org
Subject: [RFC][PATCH 0/2] unprivileged fanotify listener
Date: Sun, 24 Jan 2021 20:42:02 +0200 [thread overview]
Message-ID: <20210124184204.899729-1-amir73il@gmail.com> (raw)
Jan,
These patches try to implement the minimal set and least controversial
functionality that we can allow for unprivileged users as a starting
point.
I tried to be as conservative as I can with the system limits, but
I wasn't sure how to handle the per group marks limit, so I left both
per group and per user limits which looks quite confusing.
I tested unprivileged listener with Matthew's LTP tests [1].
I do not have test for the sysfs tunables yet, but I verified that
existing LTP tests fail when lowering each of the tunables to 1 and
pass after setting them back up.
I think that the sysfs tunables can be considered even without the
unprivileged listener.
Thanks,
Amir.
[1] https://github.com/amir73il/ltp/commits/fanotify_unpriv
Amir Goldstein (2):
fanotify: configurable limits via sysfs
fanotify: support limited functionality for unprivileged users
fs/notify/fanotify/fanotify.c | 14 ++-
fs/notify/fanotify/fanotify_user.c | 155 +++++++++++++++++++++++++----
fs/notify/fdinfo.c | 3 +-
include/linux/fanotify.h | 19 ++++
include/linux/fsnotify_backend.h | 2 +-
include/linux/sched/user.h | 3 -
include/linux/user_namespace.h | 4 +
kernel/sysctl.c | 12 ++-
kernel/ucount.c | 4 +
9 files changed, 183 insertions(+), 33 deletions(-)
--
2.25.1
next reply other threads:[~2021-01-24 18:43 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-24 18:42 Amir Goldstein [this message]
2021-01-24 18:42 ` [RFC][PATCH 1/2] fanotify: configurable limits via sysfs Amir Goldstein
2021-02-16 16:27 ` Jan Kara
2021-02-16 18:02 ` Amir Goldstein
2021-02-17 10:25 ` Jan Kara
2021-02-18 18:57 ` Amir Goldstein
2021-02-19 9:01 ` Amir Goldstein
2021-01-24 18:42 ` [RFC][PATCH 2/2] fanotify: support limited functionality for unprivileged users Amir Goldstein
2021-02-16 17:01 ` Jan Kara
2021-02-16 18:12 ` Amir Goldstein
2021-02-19 16:16 ` Amir Goldstein
2021-02-23 17:16 ` Amir Goldstein
2021-02-24 10:52 ` Jan Kara
2021-02-24 12:58 ` Amir Goldstein
2021-02-24 13:37 ` Amir Goldstein
2021-02-24 17:29 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210124184204.899729-1-amir73il@gmail.com \
--to=amir73il@gmail.com \
--cc=jack@suse.cz \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mbobrowski@mbobrowski.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).