ebied...@xmission.com (Eric W. Biederman) writes:
> "Serge E. Hallyn" writes:
>
>> Quoting Eric W. Biederman (ebied...@xmission.com):
>>> "Serge E. Hallyn" writes:
>>>
>>> > On Thu, Dec 08, 2016 at 05:43:09PM +1300, Eric W. Biederman wrote:
>>> >> "Serge E. Hallyn" writes:
>>>
>>> >> Any chan
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> "Serge E. Hallyn" writes:
>>
>> > On Thu, Dec 08, 2016 at 05:43:09PM +1300, Eric W. Biederman wrote:
>> >> "Serge E. Hallyn" writes:
>>
>> >> Any chance of a signed-off-by?
>> >
>> > Yes, sorry, Stéphane had poi
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > On Thu, Dec 08, 2016 at 05:43:09PM +1300, Eric W. Biederman wrote:
> >> "Serge E. Hallyn" writes:
>
> >> Any chance of a signed-off-by?
> >
> > Yes, sorry, Stéphane had pointed out that I'd apparently forgotten
"Serge E. Hallyn" writes:
> On Thu, Dec 08, 2016 at 05:43:09PM +1300, Eric W. Biederman wrote:
>> "Serge E. Hallyn" writes:
>> Any chance of a signed-off-by?
>
> Yes, sorry, Stéphane had pointed out that I'd apparently forgotten to do
> -s. Do you want me to resend the whole shebang, or does
>
"Serge E. Hallyn" writes:
> On Thu, Dec 08, 2016 at 05:43:09PM +1300, Eric W. Biederman wrote:
>> "Serge E. Hallyn" writes:
>>
>> > Root in a user ns cannot be trusted to write a traditional
>> > security.capability xattr. If it were allowed to do so, then any
>> > unprivileged user on the hos
On Thu, Dec 08, 2016 at 05:43:09PM +1300, Eric W. Biederman wrote:
> "Serge E. Hallyn" writes:
>
> > Root in a user ns cannot be trusted to write a traditional
> > security.capability xattr. If it were allowed to do so, then any
> > unprivileged user on the host could map his own uid to root in
"Serge E. Hallyn" writes:
> Root in a user ns cannot be trusted to write a traditional
> security.capability xattr. If it were allowed to do so, then any
> unprivileged user on the host could map his own uid to root in a
> namespace, write the xattr, and execute the file with privilege on the
>
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
> On 11/25/2016 06:50 PM, Serge E. Hallyn wrote:
> > On Fri, Nov 25, 2016 at 09:33:50AM +0100, Michael Kerrisk (man-pages) wrote:
> >> Hi Serge,
> >>
> >> On 11/24/2016 11:52 PM, Serge E. Hallyn wrote:
> >>> Quoting Michael Kerrisk (man-
On 11/25/2016 06:50 PM, Serge E. Hallyn wrote:
> On Fri, Nov 25, 2016 at 09:33:50AM +0100, Michael Kerrisk (man-pages) wrote:
>> Hi Serge,
>>
>> On 11/24/2016 11:52 PM, Serge E. Hallyn wrote:
>>> Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
>>
>> [...]
>>
Could we have a man-p
On Fri, Nov 25, 2016 at 09:33:50AM +0100, Michael Kerrisk (man-pages) wrote:
> Hi Serge,
>
> On 11/24/2016 11:52 PM, Serge E. Hallyn wrote:
> > Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
>
> [...]
>
> >> Could we have a man-pages patch for this feature? Presumably for
> >> us
Hi Serge,
On 11/24/2016 11:52 PM, Serge E. Hallyn wrote:
> Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
[...]
>> Could we have a man-pages patch for this feature? Presumably for
>> user_namespaces(7) or capabilities(7).
>
> capabilities.7 doesn't actually mention anything abou
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
> Hi Serge,
>
> On 11/19/2016 04:17 PM, Serge E. Hallyn wrote:
> > Root in a user ns cannot be trusted to write a traditional
> > security.capability xattr. If it were allowed to do so, then any
> > unprivileged user on the host could
Hi Serge,
On 11/19/2016 04:17 PM, Serge E. Hallyn wrote:
> Root in a user ns cannot be trusted to write a traditional
> security.capability xattr. If it were allowed to do so, then any
> unprivileged user on the host could map his own uid to root in a
> namespace, write the xattr, and execute the
"Serge E. Hallyn" writes:
> Root in a user ns cannot be trusted to write a traditional
> security.capability xattr. If it were allowed to do so, then any
> unprivileged user on the host could map his own uid to root in a
> namespace, write the xattr, and execute the file with privilege on the
>
Root in a user ns cannot be trusted to write a traditional
security.capability xattr. If it were allowed to do so, then any
unprivileged user on the host could map his own uid to root in a
namespace, write the xattr, and execute the file with privilege on the
host.
This patch introduces v3 of the
15 matches