The problem with chmod 000 is that it is simply ignored for the owner of
the namespace (verified with kprobe for security_capable [1]),
previously it worked only cause there was a check for uid explicitly in
FS::canRead/canWrite.
[1]: cat-10561 [001] 1340776.172944: security_capable_retprobe: (capable_wrt_inode_uidgid+0x40/0x70 <- security_capable) arg1=0xffffffff
0xffffffff is -1 and it is EPERM
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
* Remove disk restart proxy and disk decorator
* Automatic style fix
* Returned some trash back
* Fix build again
* Fix failing test
Co-authored-by: robot-clickhouse <robot-clickhouse@users.noreply.github.com>
