CAP_SYS_ADMIN restriction for passthrough fds

hi,

Please excuse me if these are dumb questions.  I'm not great at this stuff. :)

In fuse_backing_open() there's a check with an interesting comment:

    /* TODO: relax CAP_SYS_ADMIN once backing files are visible to lsof */
    res = -EPERM;
    if (!fc->passthrough || !capable(CAP_SYS_ADMIN))
        goto out;

I've done some research into this but I wasn't able to find any
original discussion about what led to this, or about current plans to
"relax" this restriction -- only speculation about it being a
potential mechanism to "hide" open files.

It would be nice to have an official story about this, on the record.
What's the concrete problem here, and what would it take to solve it?
Are there plans?  Is help required?  Would it be possible to relax the
check to having CAP_SYS_ADMIN in the userns which owns the mount (i.e.
ns_capable(...))?  What would it take to do that?  It would be
wonderful to be able to use this inside of containers.

The most obvious guess about direction (based on the comment) is that
we need to do something to make sure that fds that are registered with
backing IDs remain visible in the output of `lsof` even after the
original fd is closed?

Thanks in advance for any information you can give.  Even if the
answer is "no, it's impossible" it would be great to have that on
record.

Cheers

lis
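
As an added example (mine, not code from the post or from the kernel), a small C helper that parses the CapEff mask from /proc/<pid>/status and tests the CAP_SYS_ADMIN bit that fuse_backing_open() demands; the names parse_capeff, mask_has_cap, self_has_cap_sys_admin and CAP_SYS_ADMIN_BIT are my own. Inside a container's user namespace this bit can appear set in CapEff while the kernel's capable() check, made against the initial user namespace, still fails with EPERM, which is the gap the ns_capable() question above points at.

```c
/* Added example, not from the original post: parse the CapEff mask
 * reported in /proc/<pid>/status and test for CAP_SYS_ADMIN, the
 * capability fuse_backing_open() requires. Inside a user namespace
 * this bit can be set while the kernel's capable() still says no. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { CAP_SYS_ADMIN_BIT = 21 }; /* bit index from linux/capability.h */

/* Find "CapEff:" in status-file text and parse the hex mask after it.
 * Returns 1 and sets *mask on success, 0 if the line is missing. */
int parse_capeff(const char *status_text, uint64_t *mask)
{
    const char *p = strstr(status_text, "CapEff:");
    if (!p)
        return 0;
    p += strlen("CapEff:");
    char *end;
    unsigned long long v = strtoull(p, &end, 16); /* skips the tab */
    if (end == p)
        return 0;
    *mask = (uint64_t)v;
    return 1;
}

/* 1 if capability number `cap` is set in `mask`, else 0. */
int mask_has_cap(uint64_t mask, int cap)
{
    return (int)((mask >> cap) & 1ULL);
}

/* Read the caller's own CapEff. Returns 1/0, or -1 if /proc is unreadable. */
int self_has_cap_sys_admin(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    uint64_t mask;
    if (!parse_capeff(buf, &mask))
        return -1;
    return mask_has_cap(mask, CAP_SYS_ADMIN_BIT);
}
```

A result of 1 from self_has_cap_sys_admin() is necessary but not sufficient for the ioctl to pass the capable() check; the second constructed mask in the comments (a typical unprivileged container set) shows the bit cleared.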
