[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <87txroxpgq.fsf@xmission.com>
Date: Fri, 14 Dec 2012 14:01:57 -0800
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Linux Containers <containers@...ts.linux-foundation.org>
Cc: <linux-security-module@...r.kernel.org>,
<linux-kernel@...r.kernel.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Andy Lutomirski <luto@...capital.net>,
David Howells <dhowells@...hat.com>
Subject: [PATCH 0/4] user namespace fixes
These are fixes from Andys review of my user namespace tree.
The first two patches are critical must fix fixes.
The third patch fixing commit_creds is a nice to have but fixing it
would be good.
Andy, Serge if you could give these patches a once over to make certain
I am not doing something stupid.
Thank you,
Eric
---
Eric W. Biederman (4):
Fix cap_capable to only allow owners in the parent user namespace to have caps.
userns: Require CAP_SYS_ADMIN for most uses of setns.
userns: Add a more complete capability subset test to commit_creds
userns: Fix typo in description of the limitation of userns_install
fs/namespace.c | 3 ++-
ipc/namespace.c | 3 ++-
kernel/cred.c | 26 +++++++++++++++++++++++++-
kernel/pid_namespace.c | 3 ++-
kernel/user_namespace.c | 2 +-
kernel/utsname.c | 3 ++-
net/core/net_namespace.c | 3 ++-
security/commoncap.c | 25 +++++++++++++++++--------
8 files changed, 53 insertions(+), 15 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists