Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp948746imu; Wed, 16 Jan 2019 10:06:59 -0800 (PST) X-Google-Smtp-Source: ALg8bN7CWWTRH5v1yL7iTfETwU+/RPE8D71YadLgBRB9yoaAAyG5TdhsJHz6gSSR2v0KH/QKIfvV X-Received: by 2002:a62:60c5:: with SMTP id u188mr11122516pfb.4.1547662019050; Wed, 16 Jan 2019 10:06:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547662019; cv=none; d=google.com; s=arc-20160816; b=UAUYExWmn72sitVRE4J82X98drMosD0U9cUS7VGA7eThS0BbPvn/2dKtz6d5eRN2Bo dub+a1fGIpjSv2W8cf/NFOffVQA9J9BkZRuqnIEzyfElYOKIIGNnAMB2aGTS1GC9jn4T RXMLn5uDXXUdmcZoqM4L7kEOinywFpXoSU/xx/Nnoqij3JwaM64pKi5bgqjaSmu7gBLt 67+M3S3efwnkM7uweimygxRb0/5Eu923IRxffqG3MFmR8RaLixcUI/KyiToTA/G9tzI/ QsnF+qMT6WDwTvfrCezi+cz0n1gUA5v7Oo91h34yO6yl5PrPMPlhxOQAIwtOH9lrtZaL 3ggg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=wKtJi+kpHD+7s+/j42vHxJqUCxb1IR/AAoG6kA9Vquc=; b=Od0a0x21fIV5LPPGfLnpBzLOFZAgo7gX0Mx3xjinh0WsEScx1r2zAiq3ReZ4IL5vgB pJxQVElXapj822dkpE837pWvjqkm20gN+yQ3cl45CoZS0LkTq8XdxGl9biuRwEt3Dk5D 3ZiqzOXd/cPk7P4Sp8Wbr2wKGQZB4IoOhTO2Z2EDO1f1oMNiKS0OeOAou/YB53iVALCl G+pM4P9gX9stQ6usnRstYArQCNWUeMZRbG6e4u2L8nhDJJa+OW5r5F4nv/moI/WCRdT+ PBBPvrAZNsI2Or3JxfEJfWrzAiooEFx57jvPQZ7FVKWxQ83VuZ4ipIUrm6DPykZCuEGd RvDA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 2si6907956pla.156.2019.01.16.10.06.27; Wed, 16 Jan 2019 10:06:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732805AbfAPFqc (ORCPT + 99 others); Wed, 16 Jan 2019 00:46:32 -0500 Received: from nautica.notk.org ([91.121.71.147]:36877 "EHLO nautica.notk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728494AbfAPFqb (ORCPT ); Wed, 16 Jan 2019 00:46:31 -0500 Received: by nautica.notk.org (Postfix, from userid 1001) id B9BA3C009; Wed, 16 Jan 2019 06:46:28 +0100 (CET) Date: Wed, 16 Jan 2019 06:46:13 +0100 From: Dominique Martinet To: Linus Torvalds Cc: Andy Lutomirski , Josh Snyder , Dave Chinner , Jiri Kosina , Matthew Wilcox , Jann Horn , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged Message-ID: <20190116054613.GA11670@nautica> References: <20190110004424.GH27534@dastard> <20190110070355.GJ27534@dastard> <20190110122442.GA21216@nautica> <5c3e7de6.1c69fb81.4aebb.3fec@mx.google.com> <9E337EA6-7CDA-457B-96C6-E91F83742587@amacapital.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Linus Torvalds wrote on Wed, Jan 16, 2019: > *Very* few people want to run their databases as root. In the case of happycache, this isn't the database doing the dump/restore, but a separate process that could have the cap - it's better if we can do without though, and from his readme he runs as user cassandra in the /var/lib/cassandra directory for example so that'd match the file owner. For pgfincore, it's a postgres extension so the main process does it - but it does have files open as write as well as being the owner. > Jiri's original patch kind of acknowledged that by making the new test > be conditional, and off by default. So then it's a "only do this for > lockdown mode, because normal people won't find it acceptable". > > And I'm not a huge fan of that approach. If you don't protect normal > people, then what's the point, really? I agree with that. "Being owner or has cap" (whichever cap) is probably OK. On the other hand, writeability check makes more sense in general - could we somehow check if the user has write access to the file instead of checking if it currently is opened read-write? -- Dominique