[PATCH 2/2] security.capability: fix conversions on getxattr

Miklos Szeredi miklos at szeredi.hu
Thu Jan 28 20:38:00 UTC 2021

On Thu, Jan 28, 2021 at 9:24 PM Eric W. Biederman <ebiederm at xmission.com> wrote:

> <aside>
> From our previous discussions I would also argue it would be good
> if there was a bypass that skipped all conversions if the reader
> and the filesystem are in the same user namespace.
> </aside>

That's however just an optimization (AFAICS) that only makes sense if
it helps a read world workload.   I'm not convinced that that's the


More information about the Linux-security-module-archive mailing list