On Fri, Oct 4, 2013 at 3:59 PM, Andy Lutomirski <l...@amacapital.net> wrote: > > I'd really like a solution where there are no read or write > implementations in the entire kernel that check permissions. Failing > that, just getting it for procfs would be nice. (uid_map, etc will > probably need to be revoked on unshare for this to work.)
By "check permissions" I mean using anything but f_cred. uid_map won't need any form of revoke, though -- the stuct file already points at a particular target ns. I wonder why the CAP_SYS_ADMIN check is in map_write instead of open, though. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
