| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160216180551.GN3741@mtj.duckdns.org> Date: Tue, 16 Feb 2016 13:05:51 -0500 From: Tejun Heo <tj@...nel.org> To: serge.hallyn@...ntu.com Cc: linux-kernel@...r.kernel.org, adityakali@...gle.com, linux-api@...r.kernel.org, containers@...ts.linux-foundation.org, cgroups@...r.kernel.org, lxc-devel@...ts.linuxcontainers.org, akpm@...ux-foundation.org, ebiederm@...ssion.com, gregkh@...uxfoundation.org, lizefan@...wei.com, hannes@...xchg.org, Serge Hallyn <serge.hallyn@...onical.com> Subject: Re: [PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs On Fri, Jan 29, 2016 at 02:54:11AM -0600, serge.hallyn@...ntu.com wrote: > From: Serge Hallyn <serge.hallyn@...ntu.com> > > allowing root in a non-init user namespace to mount it. This should > now be safe, because > > 1. non-init-root cannot mount a previously unbound subsystem > 2. the task doing the mount must be privileged with respect to the > user namespace owning the cgroup namespace > 3. the mounted subsystem will have its current cgroup as the root dentry. > the permissions will be unchanged, so tasks will receive no new > privilege over the cgroups which they did not have on the original > mounts. > > Signed-off-by: Serge Hallyn <serge.hallyn@...onical.com> Applied 1-8 to cgroup/for-4.6-ns w/ trivial stylistic updates. Thanks. -- tejun
Powered by blists - more mailing lists