"Serge E. Hallyn" writes:
[snip]
> A patch to linux-test-project adding a new set of tests for this
> functionality is in the nsfscaps branch at github.com/hallyn/ltp
>
> Changelog:
>Nov 02 2016: fix invalid check at refuse_fcap_overwrite()
>Nov 07 2016: convert rootid
"Serge E. Hallyn" writes:
[snip]
> A patch to linux-test-project adding a new set of tests for this
> functionality is in the nsfscaps branch at github.com/hallyn/ltp
>
> Changelog:
>Nov 02 2016: fix invalid check at refuse_fcap_overwrite()
>Nov 07 2016: convert rootid from and to fs
Root in a non-initial user ns cannot be trusted to write a traditional
security.capability xattr. If it were allowed to do so, then any
unprivileged user on the host could map his own uid to root in a private
namespace, write the xattr, and execute the file with privilege on the
host.
However
Root in a non-initial user ns cannot be trusted to write a traditional
security.capability xattr. If it were allowed to do so, then any
unprivileged user on the host could map his own uid to root in a private
namespace, write the xattr, and execute the file with privilege on the
host.
However
4 matches
Mail list logo