RE: [PATCH] Fix /proc/[pid]/ns permissions

2018-04-09 Thread Banerjee, Debabrata
> From: Eric W. Biederman [mailto:ebied...@xmission.com]
>
> I agree there is an inconsistency on the directory permissions for the ns
> directory that could reasonably be fixed.

So you'd recommend taking this patch as-is?

> prctl(PR_SET_DUMPABLE, 0) is an interesting. Fundamentally it is about

Re: [PATCH] Fix /proc/[pid]/ns permissions

2018-04-05 Thread Eric W. Biederman
"Banerjee, Debabrata" writes:

> Actually, this patch is incomplete. proc_ns_get_link() and
> proc_ns_readlink() gate on ptrace_may_access(task,
> PTRACE_MODE_READ_FSCREDS). I'm not sure why this is here either. It
> seems problematic that after a user creates a pid namespace, that a
> user canno

Re: [PATCH] Fix /proc/[pid]/ns permissions

2018-04-05 Thread Banerjee, Debabrata
Actually, this patch is incomplete. proc_ns_get_link() and proc_ns_readlink() gate on ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS). I'm not sure why this is here either. It seems problematic that after a user creates a pid namespace, that a user cannot tell anymore which namespace new pids