| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090416205503.GA28928@us.ibm.com> Date: Thu, 16 Apr 2009 15:55:03 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: Alexey Dobriyan <adobriyan@...il.com> Cc: akpm@...ux-foundation.org, containers@...ts.linux-foundation.org, xemul@...allels.com, dave@...ux.vnet.ibm.com, mingo@...e.hu, orenl@...columbia.edu, hch@...radead.org, torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 19/30] cr: deal with nsproxy Quoting Alexey Dobriyan (adobriyan@...il.com): > To save nsproxy, or to not save nsproxy? > > Don't think much, save it. > > I argue that nsproxy should be removed totally, if someone thinks otherwise. ;-) You've got Oren starting to agree with you too. I personally don't much care in principle, and your code looks very nice. The way you do this and the uts patch, though, you (of course) bypass the CAP_SYS_ADMIN check in copy_namespaces(). Which is fine for your patchset, but a problem if we were to base a compromise patchset on your patchset. It of course also enforces the 'leakage' checks, which again is subject to our whole-container c/r discussion. But again, the code is nice, and I see no problems in it. -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists