Hi Eric,

(sorry, I don't seem to have the email I actually wanted to reply to in my mbox, but it is https://lists.linuxcontainers.org/pipermail/lxc-devel/2013-October/005857.html)

You'd said,

> Someone needs to read and think through all of the corner cases and see
> if we can ever have a time when task_dumpable is false but root in the
> container would not or should not be able to see everything.
>
> In particular I am worried about the case of a setuid app calling setns,
> and entering a lesser privileged user namespace. In my foggy mind that
> might be a security problem. And there might be other similar crazy
> cases.

Can we make use of current->mm->exe_file->f_cred->user_ns? So either always use make_kgid(current->mm->exe_file->f_cred->user_ns, 0) instead of make_kuid(cred->user_ns, 0), or check that (current->mm->exe_file->f_cred->user_ns == cred->user_ns) and, if not, assume that the caller has done a setns?

-serge

