| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160930222618.GB30208@dtor-ws>
Date: Fri, 30 Sep 2016 15:26:18 -0700
From: Dmitry Torokhov <dmitry.torokhov@...il.com>
To: David Miller <davem@...emloft.net>
Cc: viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, ebiederm@...ssion.com
Subject: Re: [PATCH v2 3/3] net: make net namespace sysctls belong to
container's owner
On Fri, Sep 30, 2016 at 01:21:27AM -0400, David Miller wrote:
> From: Dmitry Torokhov <dmitry.torokhov@...il.com>
> Date: Thu, 29 Sep 2016 08:46:05 -0700
>
> > Hi David,
> >
> > On Wed, Aug 10, 2016 at 2:36 PM, Dmitry Torokhov
> > <dmitry.torokhov@...il.com> wrote:
> >> If net namespace is attached to a user namespace let's make container's
> >> root owner of sysctls affecting said network namespace instead of global
> >> root.
> >>
> >> This also allows us to clean up net_ctl_permissions() because we do not
> >> need to fudge permissions anymore for the container's owner since it now
> >> owns the objects in question.
> >>
> >> Acked-by: "Eric W. Biederman" <ebiederm@...ssion.com>
> >> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@...il.com>
> >
> > I was looking at linux-next today, and I noticed that, when you merged
> > my patch, you basically reverted the following commit:
> >
> > commit d6e0d306449bcb5fa3c80e7a3edf11d45abf9ae9
> > Author: Tyler Hicks <tyhicks@...onical.com>
> > Date: Thu Jun 2 23:43:22 2016 -0500
> >
> > net: Use ns_capable_noaudit() when determining net sysctl permissions
>
> Please send me a fixup patch for this, sorry.
Just did, look for <20160930222431.GA30208@...r-ws>
Thanks.
--
Dmitry
Powered by blists - more mailing lists