RE: [PATCH] Fix /proc/[pid]/ns permissions

2018-04-09 Thread Banerjee, Debabrata
> From: Eric W. Biederman [mailto:ebied...@xmission.com]
>
> I agree there is an inconsistency on the directory permissions for the ns directory that could reasonably be fixed.

So you'd recommend taking this patch as-is?

> prctl(PR_SET_DUMPABLE, 0) is an interesting. Fundamentally it is about

Re: [PATCH] Fix /proc/[pid]/ns permissions

2018-04-05 Thread Eric W. Biederman
"Banerjee, Debabrata" writes: > Actually, this patch is incomplete. proc_ns_get_link() and > proc_ns_readlink() gate on ptrace_may_access(task, > PTRACE_MODE_READ_FSCREDS). I'm not sure why this is here either. It > seems problematic that after a user creates a pid namespace, that a > user canno

Re: [PATCH] Fix /proc/[pid]/ns permissions

2018-04-05 Thread Banerjee, Debabrata
Actually, this patch is incomplete. proc_ns_get_link() and proc_ns_readlink() gate on ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS). I'm not sure why this is here either. It seems problematic that after a user creates a pid namespace, that a user cannot tell anymore which namespace new pids

[PATCH] Fix /proc/[pid]/ns permissions

2018-04-05 Thread Debabrata Banerjee
This seems like a bug since the original commit 6b4e306aa3dc. Having ns directory be executable but not readable does not make sense. Further, it breaks userspace when it needs to know which namespace it belongs to. For example, setting a process to prctl(PR_SET_DUMPABLE, 0) immediately hides the n