Re: [PATCH][v2] fanotify: fix permission model of unprivileged group
From: Jan Kara <jack@suse.cz>
Date: 2021-06-08 12:28:32
On Tue 08-06-21 14:21:34, Greg KH wrote:
On Mon, May 24, 2021 at 04:53:21PM +0300, Amir Goldstein wrote:quoted
Reporting event->pid should depend on the privileges of the user that initialized the group, not the privileges of the user reading the events. Use an internal group flag FANOTIFY_UNPRIV to record the fact that the group was initialized by an unprivileged user. To be on the safe side, the premissions to setup filesystem and mount marks now require that both the user that initialized the group and the user setting up the mark have CAP_SYS_ADMIN. Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxiA77_P5vtv7e83g0+9d7B5W9ZTE4GfQEYbWmfT1rA=VA@mail.gmail.com/ (local) Fixes: 7cea2a3c505e ("fanotify: support limited functionality for unprivileged users") Cc: <redacted> # v5.12+Why is this marked for 5.12+ when 7cea2a3c505e ("fanotify: support limited functionality for unprivileged users") showed up in 5.13-rc1? What am I supposed to do with this for a stable tree submission?
I think Amir got confused and didn't realize the functionality got merged only in 5.13 merge window and I didn't notice when merging the patch either. I'm sorry, please just ignore the fix. Honza -- Jan Kara [off-list ref] SUSE Labs, CR