David Miller writes:
> From: ebied...@xmission.com (Eric W. Biederman)
> Date: Mon, 25 Jul 2016 19:44:50 -0500
>
>> User namespaces have enabled unprivileged users access to a lot more
>> data structures and so to catch programs that go crazy we need a lot
>> more limits. I believe some of those limits make sense per namespac
David Miller writes:
> From: ebied...@xmission.com (Eric W. Biederman)
> Date: Mon, 25 Jul 2016 19:02:01 -0500
>
>> Which means this change has to wait for next cycle.
>
> Ok.
For clarity I intend to merge these changes through the userns tree,
when the issues are resolved.
I Cc
"Eric W. Biederman" writes:
> Limit per userns sysctls to only be opened for write by a holder
> of CAP_SYS_RESOURCE.
>
> Add all of the necessary boilerplate for having per user namespace
> sysctls.
> @@ -141,6 +215,7 @@ void free_user_ns(struct user_namespace *ns)
>
> do {
>
Limit per userns sysctls to only be opened for write by a holder
of CAP_SYS_RESOURCE.
Add all of the necessary boilerplate for having per user namespace
sysctls.
Signed-off-by: "Eric W. Biederman"
---
include/linux/user_namespace.h |  4 ++
kernel/user_namespace.c        | 96 ++