| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Nov 2012 02:50:17 -0800 From: "Eric W. Biederman" <ebiederm@...ssion.com> To: <linux-fsdevel@...r.kernel.org> Cc: Linux Containers <containers@...ts.linux-foundation.org>, <linux-kernel@...r.kernel.org>, Al Viro <viro@...IV.linux.org.uk>, "Eric W. Biederman" <ebiederm@...ssion.com> Subject: [PATCH review 1/6] vfs: Allow chroot if you have CAP_SYS_CHROOT in your user namespace From: "Eric W. Biederman" <ebiederm@...ssion.com> Once you are confined to a user namespace applications can not gain privilege and escape the user namespace so there is no longer a reason to restrict chroot. Acked-by: Serge Hallyn <serge.hallyn@...onical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com> --- fs/open.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fs/open.c b/fs/open.c index 59071f5..182d866 100644 --- a/fs/open.c +++ b/fs/open.c @@ -435,7 +435,7 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) goto dput_and_out; error = -EPERM; - if (!capable(CAP_SYS_CHROOT)) + if (!nsown_capable(CAP_SYS_CHROOT)) goto dput_and_out; error = security_path_chroot(&path); if (error) -- 1.7.5.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists