Re: [PATCH v3 1/2] tiocsti-restrict : Add owner user namespace to tty_struct

2017-04-23 Thread Serge E. Hallyn
Quoting Matt Brown (m...@nmatt.com):
> On 04/23/2017 09:09 PM, Serge E. Hallyn wrote:
> >Quoting Matt Brown (m...@nmatt.com):
> >>This patch adds struct user_namespace *owner_user_ns to the tty_struct.
> >>Then it is set to current_user_ns() in the alloc_tty_struct function.
> >>
> >>This is done t

Re: [PATCH v3 1/2] tiocsti-restrict : Add owner user namespace to tty_struct

2017-04-23 Thread Matt Brown
On 04/23/2017 09:09 PM, Serge E. Hallyn wrote:
>Quoting Matt Brown (m...@nmatt.com):
>>This patch adds struct user_namespace *owner_user_ns to the tty_struct.
>>Then it is set to current_user_ns() in the alloc_tty_struct function.
>>
>>This is done to facilitate capability checks against the original use

Re: [PATCH v3 1/2] tiocsti-restrict : Add owner user namespace to tty_struct

2017-04-23 Thread Serge E. Hallyn
Quoting Matt Brown (m...@nmatt.com):
> This patch adds struct user_namespace *owner_user_ns to the tty_struct.
> Then it is set to current_user_ns() in the alloc_tty_struct function.
>
> This is done to facilitate capability checks against the original user
> namespace that allocated the tty.
>
>

[PATCH v3 1/2] tiocsti-restrict : Add owner user namespace to tty_struct

2017-04-23 Thread Matt Brown
This patch adds struct user_namespace *owner_user_ns to the tty_struct.
Then it is set to current_user_ns() in the alloc_tty_struct function.

This is done to facilitate capability checks against the original user
namespace that allocated the tty.

E.g. ns_capable(tty->owner_user_ns,CAP_SYS_ADMIN)