On Fri 16-05-25 21:28:01, Amir Goldstein wrote:
> Jan,
>
> Considering that the review discussion on v2 [1] did not yet converge
> and considering that the merge window is very close, I realized
> there is a way that we can simplify the controversial part.
>
> There are two main use cases to allow setting marks inside user ns:
>
> 1. Christian added support for open_by_handle_at(2) to admin inside
>    userns, which makes watching FS_USERNS_MOUNT sb more useful.
> 2. The mount events added by Miklos would be very useful also inside
>    userns.
>
> The rule for watching mntns inside user ns is pretty obvious and so
> is the rule for watching an sb inside user ns.
>
> The complexity discussed in review of v2 revolved around the more
> complicated rules for watching fs events on a specific mount inside
> user ns.
>
> My realization is that watching fs events on a mount inside user ns
> is a less interesting use case and it is much easier to apply the same
> obvious rules as for watching an sb inside user ns and discuss
> relaxing them later if there is any interesting use case for that.
>
> mntns watch inside user ns was tested with the mount-notify_test_ns
> selftest [2]. sb/mount watches inside user ns were tested manually
> with fsnotifywatch -S and -M with some changes to inotify-tools [3].
>
> Thanks,
> Amir.

Thanks! Patches look good to me and they seem obvious enough now that
I've just picked them up.

								Honza

> Changes since v2:
> - selftest merged to Christian's tree
> - Change mount mark to require capable sb user ns
> - Remove incorrect reference to FS_USERNS_MOUNT in comments (Miklos)
> - Avoid unneeded type casting to mntns (Miklos)
>
> Changes since v1:
> - Split cleanup patch (Jan)
> - Logic simplified a bit
> - Add support for mntns marks inside userns
>
> [1] https://lore.kernel.org/linux-fsdevel/20250419100657.2654744-1-amir73il@xxxxxxxxx/
> [2] https://lore.kernel.org/linux-fsdevel/20250509133240.529330-1-amir73il@xxxxxxxxx/
> [3] https://github.com/amir73il/inotify-tools/commits/fanotify_userns/
>
> Amir Goldstein (2):
>   fanotify: remove redundant permission checks
>   fanotify: support watching filesystems and mounts inside userns
>
>  fs/notify/fanotify/fanotify.c      |  1 +
>  fs/notify/fanotify/fanotify_user.c | 50 +++++++++++++++++-------------
>  include/linux/fanotify.h           |  5 ++-
>  include/linux/fsnotify_backend.h   |  1 +
>  4 files changed, 33 insertions(+), 24 deletions(-)
>
> --
> 2.34.1
>
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR