On Mon, Nov 30, 2015 at 08:01:36AM +0100, Willy Tarreau wrote:
> On Mon, Nov 30, 2015 at 01:54:22AM +0000, Ben Hutchings wrote:
> > On Sun, 2015-11-29 at 22:47 +0100, Willy Tarreau wrote:
> > This is wrong; see
> > .
>
> Damned, and I now remember this discussion. The worst thing is that
> I purposely booted a machine to test the fix and was happy with it,
> I forgot this point :-(
>
> > For 2.6.32 perhaps you could retain the capability check at open time
> > but store the result in private state for use at read time.
>
> I'll see if it is possible to opencode security_capable() with 2.6.32's
> infrastructure, and how far this brings us. Or maybe we should even drop
> this one completely and leave pagemap readable only for superuser on
> 2.6.32, it doesn't seem to be that big of a deal either.

It was easy enough to open-code security_capable() in the end. I've tested
this version which works fine for me here. If that's OK for you I'll emit
an -rc2 with the last two patches.

Thanks,
Willy