Message-ID: <ZkYKgNltq2hlBzbx@farprobe>
Date: Thu, 16 May 2024 09:30:40 -0400
From: Ben Boeckel <me@...boeckel.net>
To: Jonathan Calmels <jcalmels@...0.net>
Cc: brauner@...nel.org, ebiederm@...ssion.com,
Luis Chamberlain <mcgrof@...nel.org>,
Kees Cook <keescook@...omium.org>,
Joel Granados <j.granados@...sung.com>,
Serge Hallyn <serge@...lyn.com>, Paul Moore <paul@...l-moore.com>,
James Morris <jmorris@...ei.org>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>, containers@...ts.linux.dev,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org
Subject: Re: [PATCH 0/3] Introduce user namespace capabilities

On Thu, May 16, 2024 at 02:22:02 -0700, Jonathan Calmels wrote:
> Jonathan Calmels (3):
>   capabilities: user namespace capabilities
>   capabilities: add securebit for strict userns caps
>   capabilities: add cap userns sysctl mask
>
>  fs/proc/array.c                 |  9 ++++
>  include/linux/cred.h            |  3 ++
>  include/linux/securebits.h      |  1 +
>  include/linux/user_namespace.h  |  7 +++
>  include/uapi/linux/prctl.h      |  7 +++
>  include/uapi/linux/securebits.h | 11 ++++-
>  kernel/cred.c                   |  3 ++
>  kernel/sysctl.c                 | 10 ++++
>  kernel/umh.c                    | 16 +++++++
>  kernel/user_namespace.c         | 83 ++++++++++++++++++++++++++++++---
>  security/commoncap.c            | 59 +++++++++++++++++++++++
>  security/keys/process_keys.c    |  3 ++
>  12 files changed, 204 insertions(+), 8 deletions(-)

I note a lack of any changes to `Documentation/` which seems quite
glaring for something with such a userspace visibility aspect to it.

--Ben