| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87mwnrht9q.fsf@xmission.com>
Date: Thu, 05 Sep 2013 14:07:29 -0700
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Linux Containers <containers@...ts.linux-foundation.org>,
<linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Subject: [GIT PULL] namespace chnages for 3.12
Linus,
Please pull the for-linus git tree from:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus
HEAD: c7b96acf1456ef127fef461fcfedb54b81fecfbb userns: Kill nsown_capable it makes the wrong thing easy
This tree is against v3.11-rc1
This is an assorted mishmash of small cleanups, enhancements and bug
fixes. The major theme is user namespace mount restrictions.
nsown_capable is killed as it encourages not thinking about details that
need to be considered. A very hard to hit pid namespace exiting bug was
finally tracked and fixed. A couple of cleanups to the basic namespace
infrastructure.
Finally there is an enhancement that makes per user namespace
capabilities usable as capabilities, and an enhancement that allows the
per userns root to nice other processes in the user namespace.
Eric W. Biederman (10):
vfs: Lock in place mounts from more privileged users
proc: Restrict mounting the proc filesystem
vfs: Don't copy mount bind mounts of /proc/<pid>/ns/mnt between namespaces
userns: Better restrictions on when proc and sysfs can be mounted
sysfs: Restrict mounting sysfs
pidns: Fix hang in zap_pid_ns_processes by sending a potentially extra wakeup
namespaces: Simplify copy_namespaces so it is clear what is going on.
userns: Allow PR_CAPBSET_DROP in a user namespace.
pidns: Don't have unshare(CLONE_NEWPID) imply CLONE_THREAD
userns: Kill nsown_capable it makes the wrong thing easy
Raphael S.Carvalho (1):
kernel/nsproxy.c: Improving a snippet of code.
Serge Hallyn (1):
capabilities: allow nice if we are privileged
fs/namespace.c | 121 +++++++++++++++++++++++++++++++---------
fs/open.c | 2 +-
fs/pnode.h | 5 +-
fs/proc/root.c | 6 ++-
fs/sysfs/mount.c | 11 +++-
include/linux/capability.h | 1 -
include/linux/fs.h | 1 +
include/linux/kobject_ns.h | 2 +
include/linux/mount.h | 1 +
include/linux/user_namespace.h | 4 -
ipc/namespace.c | 2 +-
kernel/capability.c | 12 ----
kernel/fork.c | 5 --
kernel/groups.c | 2 +-
kernel/nsproxy.c | 36 ++++--------
kernel/pid.c | 1 +
kernel/pid_namespace.c | 2 +-
kernel/sys.c | 20 +++---
kernel/uid16.c | 2 +-
kernel/user.c | 2 -
kernel/user_namespace.c | 2 -
kernel/utsname.c | 2 +-
lib/kobject.c | 15 +++++
net/core/net-sysfs.c | 8 +++
net/core/net_namespace.c | 2 +-
net/core/scm.c | 4 +-
security/commoncap.c | 10 ++--
27 files changed, 177 insertions(+), 104 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists