| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jan 2011 00:31:14 +0000 From: "Serge E. Hallyn" <serge@...lyn.com> To: Bastian Blank <bastian@...di.eu.org>, containers@...ts.linux-foundation.org, kernel list <linux-kernel@...r.kernel.org>, LSM <linux-security-module@...r.kernel.org> Subject: Re: [PATCH 4/7] allow killing tasks in your own or child userns Quoting Bastian Blank (bastian@...di.eu.org): > On Tue, Jan 11, 2011 at 01:31:52AM +0000, Serge E. Hallyn wrote: > > Quoting Bastian Blank (bastian@...di.eu.org): > > > What is this flag used for anyway? I only see it used in the accounting > > > stuff, and if every user can get it, it is not longer useful. > > hm, I'm not sure... maybe noone is using it! > > This flag is from pre-git. > > The only information is: > | #define ASU 0x02 /* ... used super-user privileges */ > > However with your patches (or at least the goal), everyone is super-user > in derived namespaces. No, a task just sitting in a derived ns won't necessarily need/use super-user privileges... (and, if we ever get far enough along, it won't even necessarily have CAP_SYS_ADMIN/etc targeted to the parent userns, bc it won't need those to do the unshares). thanks, -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists