Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp948746imu;
        Wed, 16 Jan 2019 10:06:59 -0800 (PST)
X-Google-Smtp-Source: ALg8bN7CWWTRH5v1yL7iTfETwU+/RPE8D71YadLgBRB9yoaAAyG5TdhsJHz6gSSR2v0KH/QKIfvV
X-Received: by 2002:a62:60c5:: with SMTP id u188mr11122516pfb.4.1547662019050;
        Wed, 16 Jan 2019 10:06:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547662019; cv=none;
        d=google.com; s=arc-20160816;
        b=UAUYExWmn72sitVRE4J82X98drMosD0U9cUS7VGA7eThS0BbPvn/2dKtz6d5eRN2Bo
         dub+a1fGIpjSv2W8cf/NFOffVQA9J9BkZRuqnIEzyfElYOKIIGNnAMB2aGTS1GC9jn4T
         RXMLn5uDXXUdmcZoqM4L7kEOinywFpXoSU/xx/Nnoqij3JwaM64pKi5bgqjaSmu7gBLt
         67+M3S3efwnkM7uweimygxRb0/5Eu923IRxffqG3MFmR8RaLixcUI/KyiToTA/G9tzI/
         QsnF+qMT6WDwTvfrCezi+cz0n1gUA5v7Oo91h34yO6yl5PrPMPlhxOQAIwtOH9lrtZaL
         3ggg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=wKtJi+kpHD+7s+/j42vHxJqUCxb1IR/AAoG6kA9Vquc=;
        b=Od0a0x21fIV5LPPGfLnpBzLOFZAgo7gX0Mx3xjinh0WsEScx1r2zAiq3ReZ4IL5vgB
         pJxQVElXapj822dkpE837pWvjqkm20gN+yQ3cl45CoZS0LkTq8XdxGl9biuRwEt3Dk5D
         3ZiqzOXd/cPk7P4Sp8Wbr2wKGQZB4IoOhTO2Z2EDO1f1oMNiKS0OeOAou/YB53iVALCl
         G+pM4P9gX9stQ6usnRstYArQCNWUeMZRbG6e4u2L8nhDJJa+OW5r5F4nv/moI/WCRdT+
         PBBPvrAZNsI2Or3JxfEJfWrzAiooEFx57jvPQZ7FVKWxQ83VuZ4ipIUrm6DPykZCuEGd
         RvDA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 2si6907956pla.156.2019.01.16.10.06.27;
        Wed, 16 Jan 2019 10:06:59 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732805AbfAPFqc (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 16 Jan 2019 00:46:32 -0500
Received: from nautica.notk.org ([91.121.71.147]:36877 "EHLO nautica.notk.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728494AbfAPFqb (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 16 Jan 2019 00:46:31 -0500
Received: by nautica.notk.org (Postfix, from userid 1001)
        id B9BA3C009; Wed, 16 Jan 2019 06:46:28 +0100 (CET)
Date:   Wed, 16 Jan 2019 06:46:13 +0100
From:   Dominique Martinet <asmadeus@codewreck.org>
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     Andy Lutomirski <luto@amacapital.net>,
        Josh Snyder <joshs@netflix.com>,
        Dave Chinner <david@fromorbit.com>,
        Jiri Kosina <jikos@kernel.org>,
        Matthew Wilcox <willy@infradead.org>,
        Jann Horn <jannh@google.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Greg KH <gregkh@linuxfoundation.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Michal Hocko <mhocko@suse.com>, Linux-MM <linux-mm@kvack.org>,
        kernel list <linux-kernel@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged
Message-ID: <20190116054613.GA11670@nautica>
References: <20190110004424.GH27534@dastard>
 <CAHk-=wg1jSQ-gq-M3+HeTBbDs1VCjyiwF4gqnnBhHeWizyrigg@mail.gmail.com>
 <20190110070355.GJ27534@dastard>
 <CAHk-=wigwXV_G-V1VxLs6BAvVkvW5=Oj+xrNHxE_7yxEVwoe3w@mail.gmail.com>
 <20190110122442.GA21216@nautica>
 <CAHk-=wip2CPrdOwgF0z4n2tsdW7uu+Egtcx9Mxxe3gPfPW_JmQ@mail.gmail.com>
 <5c3e7de6.1c69fb81.4aebb.3fec@mx.google.com>
 <CAHk-=wgF9p9xNzZei_-ejGLy1bJf4VS1C5E9_V0kCTEpCkpCTQ@mail.gmail.com>
 <9E337EA6-7CDA-457B-96C6-E91F83742587@amacapital.net>
 <CAHk-=wjqkbjL2_BwUYxJxJhdadiw6Zx-Yu_mK3E6P7kG3wSGcQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAHk-=wjqkbjL2_BwUYxJxJhdadiw6Zx-Yu_mK3E6P7kG3wSGcQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Linus Torvalds wrote on Wed, Jan 16, 2019:
> *Very* few people want to run their databases as root.

In the case of happycache, this isn't the database doing the
dump/restore, but a separate process that could have the cap - it's
better if we can do without though, and from his readme he runs as user
cassandra in the /var/lib/cassandra directory for example so that'd
match the file owner.

For pgfincore, it's a postgres extension so the main process does it -
but it does have files open as write as well as being the owner.

> Jiri's original patch kind of acknowledged that by making the new test
> be conditional, and off by default. So then it's a "only do this for
> lockdown mode, because normal people won't find it acceptable".
> 
> And I'm not a huge fan of that approach. If you don't protect normal
> people, then what's the point, really?

I agree with that. 
"Being owner or has cap" (whichever cap) is probably OK.
On the other hand, writeability check makes more sense in general -
could we somehow check if the user has write access to the file instead
of checking if it currently is opened read-write?

-- 
Dominique