Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Eric W. Biederman (ebied...@xmission.com):
>
> >> A child user namespace having capabilities against processes in it's
> >> parent seems totally bizarre and pretty dangerous from a capabilities
> >>
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> A child user namespace having capabilities against processes in it's
>> parent seems totally bizarre and pretty dangerous from a capabilities
>> standpoint.
>
> How would it have them against its parent?
Linus Torvalds writes:
> On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
> wrote:
>>
>> That said Serge I think I have lost track of the point of your question.
>
> .. and I'm a bit unsure what I should do about this all. Including
> pulling the pull request that actually can make this all
Quoting Linus Torvalds (torva...@linux-foundation.org):
> On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
> wrote:
> >
> > That said Serge I think I have lost track of the point of your question.
>
> .. and I'm a bit unsure what I should do about this all. Including
> pulling the pull
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
Note: I acked your patch before and still don't object to it.
> > In which case it would be
> >
> >child_user_ns1 [10-19]
> >child_user_ns2 [10-19]
> > child_user_ns3
On Fri, Dec 14, 2012 at 10:43 AM, Linus Torvalds
wrote:
> On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
> wrote:
>>
>> That said Serge I think I have lost track of the point of your question.
>
> .. and I'm a bit unsure what I should do about this all. Including
> pulling the pull request
On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
wrote:
>
> That said Serge I think I have lost track of the point of your question.
.. and I'm a bit unsure what I should do about this all. Including
pulling the pull request that actually can make this all matter.
Hmm? Any consensus?
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> "Serge E. Hallyn" writes:
>>
>> > Quoting Eric W. Biederman (ebied...@xmission.com):
>> >> "Serge E. Hallyn" writes:
>> >>
>> >> > Quoting Eric W. Biederman (ebied...@xmission.com):
>> >> >>
>> >> >> Andy
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Eric W. Biederman (ebied...@xmission.com):
> >> "Serge E. Hallyn" writes:
> >>
> >> > Quoting Eric W. Biederman (ebied...@xmission.com):
> >> >>
> >> >> Andy Lutomirski pointed out that the current
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> "Serge E. Hallyn" writes:
>>
>> > Quoting Eric W. Biederman (ebied...@xmission.com):
>> >>
>> >> Andy Lutomirski pointed out that the current behavior of allowing the
>> >> owner of a user namespace to have all
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Eric W. Biederman (ebied...@xmission.com):
> >>
> >> Andy Lutomirski pointed out that the current behavior of allowing the
> >> owner of a user namespace to have all caps when that owner is not in a
>
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Andy Lutomirski pointed out that the
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
ebied...@xmission.com wrote:
That said Serge I think I have lost track of the point of your question.
.. and I'm a bit unsure what I should do about this all. Including
pulling the pull request that actually can make this all matter.
Hmm? Any
On Fri, Dec 14, 2012 at 10:43 AM, Linus Torvalds
torva...@linux-foundation.org wrote:
On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
ebied...@xmission.com wrote:
That said Serge I think I have lost track of the point of your question.
.. and I'm a bit unsure what I should do about this
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
Note: I acked your patch before and still don't object to it.
In which case it would be
child_user_ns1 [10-19]
child_user_ns2 [10-19]
child_user_ns3
Quoting Linus Torvalds (torva...@linux-foundation.org):
On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
ebied...@xmission.com wrote:
That said Serge I think I have lost track of the point of your question.
.. and I'm a bit unsure what I should do about this all. Including
pulling the
Linus Torvalds torva...@linux-foundation.org writes:
On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
ebied...@xmission.com wrote:
That said Serge I think I have lost track of the point of your question.
.. and I'm a bit unsure what I should do about this all. Including
pulling the pull
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
A child user namespace having capabilities against processes in it's
parent seems totally bizarre and pretty dangerous from a capabilities
standpoint.
How would it have them against its parent?
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
A child user namespace having capabilities against processes in it's
parent seems totally bizarre and pretty dangerous from a capabilities
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>>
>> Andy Lutomirski pointed out that the current behavior of allowing the
>> owner of a user namespace to have all caps when that owner is not in a
>> parent user namespace is wrong.
>
> To make sure I understand
Quoting Eric W. Biederman (ebied...@xmission.com):
>
> Andy Lutomirski pointed out that the current behavior of allowing the
> owner of a user namespace to have all caps when that owner is not in a
> parent user namespace is wrong.
To make sure I understand right, the issue is when a uid is
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong. Add a test to ensure the owner of a user
namespace is in the parent of the user namespace to fix this bug.
Thankfully this
On Thu, Dec 13, 2012 at 6:33 PM, Eric W. Biederman
wrote:
>
> Andy thank you for your review.
>
> Andy Lutomirski writes:
>> This is confusing enough that I can't immediately tell whether it's
>> correct. I think it's close but out of order.
>
> Yeah. That is the trick. Figuring out how to
Andy thank you for your review.
Andy Lutomirski writes:
> This is confusing enough that I can't immediately tell whether it's
> correct. I think it's close but out of order.
Yeah. That is the trick. Figuring out how to write that code so it is
correct and obvious.
I have added a comment at
On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
wrote:
>
> Andy Lutomirski pointed out that the current behavior of allowing the
> owner of a user namespace to have all caps when that owner is not in a
> parent user namespace is wrong.
>
> This is a bug introduced by the kuid conversion which
Linus Torvalds writes:
> On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
> wrote:
>>
>> Andy Lutomirski pointed out that the current behavior of allowing the
>> owner of a user namespace to have all caps when that owner is not in a
>> parent user namespace is wrong.
>>
>> This is a bug
On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
wrote:
>
> Andy Lutomirski pointed out that the current behavior of allowing the
> owner of a user namespace to have all caps when that owner is not in a
> parent user namespace is wrong.
>
> This is a bug introduced by the kuid conversion which
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong.
This is a bug introduced by the kuid conversion which made it possible
for the owner of a user namespace to live in a child
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong.
This is a bug introduced by the kuid conversion which made it possible
for the owner of a user namespace to live in a child
On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong.
This is a bug introduced by the kuid
Linus Torvalds torva...@linux-foundation.org writes:
On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user
On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong.
This is a bug introduced by the kuid
Andy thank you for your review.
Andy Lutomirski l...@amacapital.net writes:
This is confusing enough that I can't immediately tell whether it's
correct. I think it's close but out of order.
Yeah. That is the trick. Figuring out how to write that code so it is
correct and obvious.
I have
On Thu, Dec 13, 2012 at 6:33 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy thank you for your review.
Andy Lutomirski l...@amacapital.net writes:
This is confusing enough that I can't immediately tell whether it's
correct. I think it's close but out of order.
Yeah. That is the
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong. Add a test to ensure the owner of a user
namespace is in the parent of the user namespace to fix this bug.
Thankfully this
Quoting Eric W. Biederman (ebied...@xmission.com):
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong.
To make sure I understand right, the issue is when a uid is mapped
Serge E. Hallyn se...@hallyn.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong.
To make sure I
40 matches
Mail list logo
