@leth leth commented Mar 12, 2023

In prometheus/node_exporter#2632 we figured out that O_NOATIME was increasing the privileges needed!

From the open man page

O_NOATIME (since Linux 2.6.8)
              Do not update the file last access time (st_atime in the
              inode) when the file is [read(2)](https://man7.org/linux/man-pages/man2/read.2.html).

              This flag can be employed only if one of the following
              conditions is true:

              *  The effective UID of the process matches the owner UID
                 of the file.

              *  The calling process has the CAP_FOWNER capability in
                 its user namespace and the owner UID of the file has a
                 mapping in the namespace.

@leth leth force-pushed the run-as-non-root branch from 1c25f7b to 1d77559 March 12, 2023 21:07
@dennwc dennwc self-assigned this Mar 12, 2023
@dennwc dennwc left a comment

Awesome, thank you!

@dennwc dennwc merged commit a1f570b into dennwc:master Mar 12, 2023
@leth leth deleted the run-as-non-root branch March 12, 2023 21:20