Waiman Long <long...@redhat.com> writes:
> On 05/01/2018 10:18 PM, Eric W. Biederman wrote:
>>
>>> The sysctl parameters msgmni, shmmni and semmni have an inherent limit
>>> of IPC_MNI (32k). However, users may not be aware of that because they
>>> can w
> The sysctl parameters msgmni, shmmni and semmni have an inherent limit
> of IPC_MNI (32k). However, users may not be aware of that because they
> can write a value much higher than that without getting any error or
> notification. Reading the parameters back will show the newly written
>
Khalid Aziz writes:
> On 02/07/2018 12:38 AM, ebied...@xmission.com wrote:
>> Khalid Aziz writes:
>>
>>> On 02/01/2018 07:29 PM, ebied...@xmission.com wrote:
Khalid Aziz writes:
> V11 changes:
> This
Khalid Aziz writes:
> On 02/01/2018 07:29 PM, ebied...@xmission.com wrote:
>> Khalid Aziz writes:
>>
>>> V11 changes:
>>> This series is same as v10 and was simply rebased on 4.15 kernel. Can
>>> mm maintainers please review patches 2, 7, 8 and 9
Khalid Aziz writes:
> V11 changes:
> This series is same as v10 and was simply rebased on 4.15 kernel. Can
> mm maintainers please review patches 2, 7, 8 and 9 which are arch
> independent, and include/linux/mm.h and mm/ksm.c changes in patch 10
> and ack these if
Ram Pai <linux...@us.ibm.com> writes:
> On Fri, Jan 19, 2018 at 10:09:41AM -0600, Eric W. Biederman wrote:
>> Ram Pai <linux...@us.ibm.com> writes:
>>
>> > Currently the architecture specific code is expected to
>> > display the protection keys
Ram Pai writes:
> Currently the architecture specific code is expected to
> display the protection keys in smap for a given vma.
> This can lead to redundant code and possibly to divergent
> formats in which the key gets displayed.
>
> This patch changes the
Ram Pai writes:
> diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
> index d4e545d..fe1e7c7 100644
> --- a/arch/powerpc/kernel/traps.c
> +++ b/arch/powerpc/kernel/traps.c
> @@ -20,6 +20,7 @@
> #include
> #include
> #include
> +#include
>
Peter Zijlstra <pet...@infradead.org> writes:
> On Wed, Aug 03, 2016 at 09:50:37PM -0500, Eric W. Biederman wrote:
>
>> What this means in practice is user namespaces can be enabled by default
>> on a system, and yet you can easily disable them in a sandbox that was
>&g
Peter Zijlstra writes:
> On Wed, Aug 03, 2016 at 11:53:41AM -0700, Kees Cook wrote:
>> > Kees Cook writes:
>> >
>> >> On Tue, Aug 2, 2016 at 1:30 PM, Peter Zijlstra
>> >> wrote:
>> >> Let me take this another way instead. What
Sigh.
Kees we have already had this conversation about user namespaces and
apparently you missed the point.
As I have said before the problem with a system wide off switch is what
happens when you have a single application that needs to use the
feature. Without care your system wide protection
Topi Miettinen <toiwo...@gmail.com> writes:
> On 06/24/16 17:21, Eric W. Biederman wrote:
>> "Serge E. Hallyn" <se...@hallyn.com> writes:
>>
>>> Quoting Tejun Heo (t...@kernel.org):
>>>> Hello,
>>>>
>>>> On Fri, J
"Serge E. Hallyn" writes:
> Quoting Tejun Heo (t...@kernel.org):
>> Hello,
>>
>> On Fri, Jun 24, 2016 at 10:59:16AM -0500, Serge E. Hallyn wrote:
>> > Quoting Tejun Heo (t...@kernel.org):
>> > > But isn't being recursive orthogonal to using cgroup? Why not account
>> > >
Kees Cook writes:
> + if (sysctl_userns_restrict && !(capable(CAP_SYS_ADMIN) &&
> + capable(CAP_SETUID) &&
> + capable(CAP_SETGID)))
> + return -EPERM;
> +
I will also note that the
Kees Cook <keesc...@chromium.org> writes:
>
> Well, I don't know about less weird, but it would leave a unneeded
> hole in the permission checks.
To be clear the current patch has my:
Nacked-by: "Eric W. Biederman" <ebied...@xmission.com>
The code is buggy, an
Jann Horn <j...@thejh.net> writes:
> On Sun, Jan 24, 2016 at 01:43:42AM +, Al Viro wrote:
>> On Sat, Jan 23, 2016 at 07:20:17PM -0600, Eric W. Biederman wrote:
>>
>> > Yep. That is about the size of it. file * used to be passed to the
>> > sysctl m
Jann Horn <j...@thejh.net> writes:
> On Sun, Jan 24, 2016 at 12:02:41AM -0600, Eric W. Biederman wrote:
>> Jann Horn <j...@thejh.net> writes:
>>
>> > On Sun, Jan 24, 2016 at 01:43:42AM +, Al Viro wrote:
>> >> On Sat, Jan 23, 2
Kees Cook writes:
> Several sysctls expect a state where the highest value (in extra2) is
> locked once set for that boot. Yama does this, and kptr_restrict should
> be doing it. This extracts Yama's logic and adds it to the existing
> proc_dointvec_minmax_sysadmin, taking
18 matches
Mail list logo