Re: [PATCH] userns/capability: Add user namespace capability

2015-10-22 Thread Eric W. Biederman
Andy Lutomirski writes: > At the risk of pointing out a can of worms, the attack surface also > includes things like the iptables configuration APIs, parsers, and > filter/conntrack/action modules. It is worth noting that module auto-load does not happen if the triggering

Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting

2015-10-01 Thread Eric W. Biederman
Mike Snitzer writes: > What layer establishes access rights to historically root-only > privileged block devices? Is it user namespaces? Block devices are weird. Mounts historically have not checked the permissions on the block devices because a mounter has CAP_SYS_ADMIN.

Re: [PATCH 1/2] namespaces: introduce sys_hijack (v10)

2007-11-30 Thread Eric W. Biederman
Serge E. Hallyn [EMAIL PROTECTED] writes: Quoting Eric W. Biederman ([EMAIL PROTECTED]): Mark Nelson [EMAIL PROTECTED] writes: Hi Paul and Eric, Do you guys have any objections to dropping the hijack_pid() and hijack_cgroup() parts of sys_hijack, leaving just hijack_ns() (see below

Re: [PATCH 1/2] namespaces: introduce sys_hijack (v10)

2007-11-29 Thread Eric W. Biederman
Mark Nelson [EMAIL PROTECTED] writes: Hi Paul and Eric, Do you guys have any objections to dropping the hijack_pid() and hijack_cgroup() parts of sys_hijack, leaving just hijack_ns() (see below for discussion)? I need to step back and study what is being proposed. My gut feeling is that

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-08 Thread Eric W. Biederman
Serge E. Hallyn [EMAIL PROTECTED] writes: Quoting Eric W. Biederman ([EMAIL PROTECTED]): Perform the split up you talked about above and move the table matching into the LSM hooks. Use something like the iptables action and match to module mapping code so we can have multiple modules

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-08 Thread Eric W. Biederman
Casey Schaufler [EMAIL PROTECTED] writes: --- Eric W. Biederman [EMAIL PROTECTED] wrote: Likely. Until we have a generalized LSM interface with 1000 config options like netfilter I don't expect we will have grounds to talk or agree to a common user space interface. Although I could

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-08 Thread Eric W. Biederman
Serge E. Hallyn [EMAIL PROTECTED] writes: Quoting Eric W. Biederman ([EMAIL PROTECTED]): It really seems to me that the LSM as currently structured creates a large barrier to entry for people who have just this little thing they want to do that is not possible with any existing security

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-08 Thread Eric W. Biederman
Casey Schaufler [EMAIL PROTECTED] writes: --- Eric W. Biederman [EMAIL PROTECTED] wrote: It really seems to me that the LSM as currently structured creates a large barrier to entry for people who have just this little thing they want to do that is not possible with any existing security

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-05 Thread Eric W. Biederman
Stephen Smalley [EMAIL PROTECTED] writes: On Fri, 2007-10-05 at 09:27 -0700, Casey Schaufler wrote: --- Kyle Moffett [EMAIL PROTECTED] wrote: On Oct 05, 2007, at 00:45:17, Eric W. Biederman wrote: Kyle Moffett [EMAIL PROTECTED] writes: On Oct 04, 2007, at 21:44:02, Eric W

Re: [patch] unprivileged mounts update

2007-04-25 Thread Eric W. Biederman
Serge E. Hallyn [EMAIL PROTECTED] writes: Quoting H. Peter Anvin ([EMAIL PROTECTED]): Miklos Szeredi wrote: Andrew, please skip this patch, for now. Serge found a problem with the fsuid approach: setfsuid(nonzero) will remove filesystem related capabilities. So even if root is

Re: [patch] unprivileged mounts update

2007-04-25 Thread Eric W. Biederman
Serge E. Hallyn [EMAIL PROTECTED] writes: Quoting Eric W. Biederman ([EMAIL PROTECTED]): Are there other permission checks that mount is doing that we care about. Not mount itself, but in looking up /share/fa/root/home/fa, user fa doesn't have the rights to read /share, and by setting