lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 11 Nov 2023 22:23:38 +0530
From:   swarup <swarupkotikalapudi@...il.com>
To:     Shuah Khan <skhan@...uxfoundation.org>
Cc:     shuah@...nel.org, linux-kselftest@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH] selftests: capabilities: namespace create varies for
 root and normal user

On Tue, Nov 07, 2023 at 02:23:34PM -0700, Shuah Khan wrote:
> On 9/29/23 06:53, Swarup Laxman Kotiaklapudi wrote:
> > Change namespace creation for root and non-root
> > user differently in create_and_enter_ns() function
> > 
> 
> Sorry for the delay on reviewing this.
> 
> Can you tell me more about why this change is needed and
> include it in the change log.
> 
> thanks,
> -- Shuah

Hi Shuah,

This patchset was raised to fix below TODO:

"If we're already root, we could skip creating the userns."

Without this patchset, function create_and_enter_ns(),
at this path --> tools/testing/selftests/capabilities/test_execve.c
was as mentioned below:

static bool create_and_enter_ns(uid_t inner_uid)
{
   ....
   if (unshare(CLONE_NEWNS) == 0) {
       ....   
    } else if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == 0) {
       ....
     } else {
                ksft_exit_skip("must be root or be able to create a userns\n");
     }

     ...
}

To fix the TODO, above mentioned if block is executed if root user,
for normal user it enters inside 'else if' block.

Thanks,
Swarup

Powered by blists - more mailing lists