The previous submission of these patches, and review comments, can be
seen in the thread starting here: https://lkml.org/lkml/2011/10/18/463 .
Since then, patches
have gone upstream, and I've reverted
because it relaxes checks, and right now we want to focus on
The set includes:
This convers the uid for the task sending a signal to the
user namespace of the receiver. It is somewhat analogous
to what is done with the sender's pid.
Waiting on feedback from Oleg, but I believe this patch is
This prevents root in a child user namespace from man-handling
sysctls. With this patch, a task in a child user namespace
will only get the world access rights to sysctls.
This clamps down on cases where privilege to your own user
namespace were checked for access to the initial user namespace.
This adds a struct user_namespace pointer to the net_ns for use
by later patches.
Now that net_ns is owned by a user_ns, cap_netlink_recv() can
target privilege checks to the user_ns owning the resource. The
current check against current_cap() is unsafe.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/