Date: Sun, 14 Aug 2016 21:09:34 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: dmitry.torokhov@...il.com
Cc: ebiederm@...ssion.com, viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v2 0/3] Make /proc per net namespace objects belong to container

From: Dmitry Torokhov <dmitry.torokhov@...il.com>
Date: Wed, 10 Aug 2016 14:35:59 -0700

> Currently [almost] all /proc objects belong to the global root, even if
> data belongs to a given namespace within a container and (at least for
> sysctls) we work around permissions checks to allow container's root to
> access the data.
>
> This series changes ownership of net namespace /proc objects
> (/proc/net/self/* and /proc/sys/net/*) to be container's root and not
> global root when there exists mapping for container's root in user
> namespace.
>
> This helps when running Android CTS in a container, but I think it makes
> sense regardless.
>
> Changes from V1:
>
> - added fix for crash when !CONFIG_NET_NS (new patch #1)
> - addressed Eric's comments for error handling style in patch #3 and
>   added his Ack
> - adjusted patch #2 to use the same style of error handling
> - sent out as series instead of separate patches

Series applied to net-next, thanks.
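As an added illustration (not code from the series or the kernel), the ownership rule the cover letter describes, applied to a user namespace's uid_map: it works out which kuid owns the net namespace /proc objects and how that owner shows up to a process inside the container, which is what an operator would compare against a stat() of /proc/sys/net from inside. The sample uid_map contents and the 65534 overflow uid default are assumptions.

```python
# Added example, not part of the patch series or the kernel: model the
# ownership rule the cover letter states for /proc/net and /proc/sys/net
# objects, using the /proc/<pid>/uid_map format ("inside outside count").
from typing import List, Optional, Tuple

OVERFLOW_UID = 65534  # assumed default overflowuid ("nobody") shown for unmapped kuids
GLOBAL_ROOT = 0       # kuid of the initial user namespace's root
UidMap = List[Tuple[int, int, int]]

def parse_uid_map(text: str) -> UidMap:
    """Parse uid_map lines into (inside_start, outside_start, count) triples."""
    mapping = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        inside, outside, count = (int(f) for f in fields)
        mapping.append((inside, outside, count))
    return mapping

def make_kuid(uid_map: UidMap, ns_uid: int) -> Optional[int]:
    """Kernel-side uid for a uid inside the namespace, or None if unmapped."""
    for inside, outside, count in uid_map:
        if inside <= ns_uid < inside + count:
            return outside + (ns_uid - inside)
    return None

def from_kuid(uid_map: UidMap, kuid: int) -> int:
    """How a kernel uid appears inside the namespace (overflowuid if unmapped)."""
    for inside, outside, count in uid_map:
        if outside <= kuid < outside + count:
            return inside + (kuid - outside)
    return OVERFLOW_UID

def proc_net_owner_kuid(uid_map: UidMap) -> int:
    """Owner the series assigns: container root's kuid if mapped, else global root."""
    kuid = make_kuid(uid_map, 0)
    return GLOBAL_ROOT if kuid is None else kuid

def owner_seen_in_container(uid_map: UidMap) -> int:
    """Owner uid a process inside the container sees via stat() on those objects."""
    return from_kuid(uid_map, proc_net_owner_kuid(uid_map))

# Constructed sample maps: a typical container ("0 100000 65536") and one
# that maps a single non-root uid, so container root has no mapping at all.
CONTAINER_MAP = parse_uid_map("         0     100000      65536\n")
NO_ROOT_MAP = parse_uid_map("      1000       1000          1\n")
```

With no root mapping the owner stays global root, which the container observes as the overflow uid (nobody); with a root mapping the container sees uid 0 as the owner.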