lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jul 2006 12:08:14 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: Dave Hansen <haveblue@...ibm.com> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, "Serge E. Hallyn" <serue@...ibm.com>, Cedric Le Goater <clg@...ibm.com>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...l.org>, Kirill Korotaev <dev@...nvz.org>, Andrey Savochkin <saw@...ru>, Herbert Poetzl <herbert@...hfloor.at>, Sam Vilain <sam.vilain@...alyst.net.nz> Subject: Re: [PATCH -mm 5/7] add user namespace Quoting Dave Hansen (haveblue@...ibm.com): > On Fri, 2006-07-14 at 10:49 -0600, Eric W. Biederman wrote: > > - if (current->fsuid == inode->i_uid) > > + if ((current->fsuid == inode->i_uid) && > > + (current->nsproxy->user_ns == inode->i_sb->user_ns)) > > mode >>= 6; > > I really don't think assigning a user namespace to a superblock is the > right way to go. Seems to me like the _view_ into the filesystem is > what you want to modify. That would seem to me to mean that each > 'struct namespace' (filesystem namespace) or vfsmount would be assigned > a corresponding user namespace, *not* the superblock. yes, of course, vfsmount, which I assume is what Eric meant? Which means we'd have to do this at permission() using the nameidata, or pass nd to generic_permission. -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists