that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).
Signed-off-by: Michael Kerrisk <mtk-manpa...@gmail.com>
---
fs/nsfs.c | 2 ++
include/uapi/linux/nsfs.h | 3 +++
2 files changed, 5 insertions(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).
Signed-off-by: Michael Kerrisk
---
fs/nsfs.c | 2 ++
include/uapi/linux/nsfs.h | 3 +++
2 files changed, 5 insertions(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
index 8c9fb29..5d53476 100644
an example program that makes use of the new ioctl() operations.
8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---
/* ns_capable.c
(C) 2016 Michael Kerrisk, <mtk.manpa...@gmail.com>
Licensed under the GNU General Public License v2 or later.
Test whether a p
an example program that makes use of the new ioctl() operations.
8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---
/* ns_capable.c
(C) 2016 Michael Kerrisk,
Licensed under the GNU General Public License v2 or later.
Test whether a process (identified by PID) might
Hello Eric,
On 01/25/2017 11:41 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>
>> Hi Eric,
>>
>> Do you have any input for this small patch set? I've still to tweak a
>> comment as suggested
Hello Eric,
On 01/25/2017 11:41 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Eric,
>>
>> Do you have any input for this small patch set? I've still to tweak a
>> comment as suggested by Trevor King, but otherwise I
Hi Eric,
Do you have any input for this small patch set? I've still to tweak a
comment as suggested by Trevor King, but otherwise I'd like to know if
this is good to go for the next merge window.
Cheers,
Michael
On 23 December 2016 at 22:54, Michael Kerrisk (man-pages)
<mtk.manpa...@gmail.
Hi Eric,
Do you have any input for this small patch set? I've still to tweak a
comment as suggested by Trevor King, but otherwise I'd like to know if
this is good to go for the next merge window.
Cheers,
Michael
On 23 December 2016 at 22:54, Michael Kerrisk (man-pages)
wrote:
> I would l
On 17 January 2017 at 14:19, W. Trevor King <wk...@tremily.us> wrote:
> On Tue, Jan 17, 2017 at 02:03:29PM +1300, Michael Kerrisk (man-pages) wrote:
>> + case NS_GET_OWNER_UID:
>> + if (ns->ops->type != CLONE_NEWUSER)
>> +
On 17 January 2017 at 14:19, W. Trevor King wrote:
> On Tue, Jan 17, 2017 at 02:03:29PM +1300, Michael Kerrisk (man-pages) wrote:
>> + case NS_GET_OWNER_UID:
>> + if (ns->ops->type != CLONE_NEWUSER)
>> + return -EINVAL;
>> +
Furthermore,
preadv(), preadv2(), pwritev(), and pwritev2() can also fail for
the same reasons as lseek(2).
And in the write(2) page, we have:
EFAULT buf is outside your accessible address space.
Does this not cover the case you describe?
Cheers,
Michael
--
Michael K
e,
preadv(), preadv2(), pwritev(), and pwritev2() can also fail for
the same reasons as lseek(2).
And in the write(2) page, we have:
EFAULT buf is outside your accessible address space.
Does this not cover the case you describe?
Cheers,
Michael
--
Michael Kerrisk
Linux man-p
) UID of the creator of the user namespace
referred to by the specified file descriptor.
If the supplied file descriptor does not refer to a user namespace,
the operation fails with the error EINVAL.
Acked-by: Andrey Vagin <ava...@openvz.org>
Signed-off-by: Michael Kerrisk <mtk-manpa...@
) UID of the creator of the user namespace
referred to by the specified file descriptor.
If the supplied file descriptor does not refer to a user namespace,
the operation fails with the error EINVAL.
Acked-by: Andrey Vagin
Signed-off-by: Michael Kerrisk
---
Open questions:
Should the type
that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).
Signed-off-by: Michael Kerrisk <mtk-manpa...@gmail.com>
---
fs/nsfs.c | 2 ++
include/uapi/linux/nsfs.h | 3 +++
2 files changed, 5 insertions(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).
Signed-off-by: Michael Kerrisk
---
fs/nsfs.c | 2 ++
include/uapi/linux/nsfs.h | 3 +++
2 files changed, 5 insertions(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
index 8c9fb29..5d53476 100644
an example program that makes use of the new ioctl() operations.
8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---
/* ns_capable.c
(C) 2016 Michael Kerrisk, <mtk.manpa...@gmail.com>
Licensed under the GNU General Public License v2 or later.
Test whether a p
an example program that makes use of the new ioctl() operations.
8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---
/* ns_capable.c
(C) 2016 Michael Kerrisk,
Licensed under the GNU General Public License v2 or later.
Test whether a process (identified by PID) might
Hello Andrei,
On 24 December 2016 at 14:16, Andrei Vagin <ava...@virtuozzo.com> wrote:
> On Fri, Dec 23, 2016 at 10:54:53AM +0100, Michael Kerrisk (man-pages) wrote:
>> I'd like to write code that discovers the user namespace hierarchy on
>> a running system, and also shows
Hello Andrei,
On 24 December 2016 at 14:16, Andrei Vagin wrote:
> On Fri, Dec 23, 2016 at 10:54:53AM +0100, Michael Kerrisk (man-pages) wrote:
>> I'd like to write code that discovers the user namespace hierarchy on
>> a running system, and also shows who owns the various
that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).
Signed-off-by: Michael Kerrisk <mtk-manpa...@gmail.com>
---
fs/nsfs.c | 2 ++
include/uapi/linux/nsfs.h | 3 +++
2 files changed, 5 insertions(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).
Signed-off-by: Michael Kerrisk
---
fs/nsfs.c | 2 ++
include/uapi/linux/nsfs.h | 3 +++
2 files changed, 5 insertions(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
index 8718af8..9f24b47 100644
an example program that makes use of the new ioctl() operations.
8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---
/* ns_capable.c
(C) 2016 Michael Kerrisk, <mtk.manpa...@gmail.com>
Licensed under the GNU General Public License v2 or later.
Test whether a p
) UID of the creator of the user namespace
referred to by the specified file descriptor.
If the supplied file descriptor does not refer to a user namespace,
the operation fails with the error EINVAL.
Signed-off-by: Michael Kerrisk <mtk-manpa...@gmail.com>
---
V2 changes:
* Renamed ioctl(
an example program that makes use of the new ioctl() operations.
8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---
/* ns_capable.c
(C) 2016 Michael Kerrisk,
Licensed under the GNU General Public License v2 or later.
Test whether a process (identified by PID) might
) UID of the creator of the user namespace
referred to by the specified file descriptor.
If the supplied file descriptor does not refer to a user namespace,
the operation fails with the error EINVAL.
Signed-off-by: Michael Kerrisk
---
V2 changes:
* Renamed ioctl() from NS_CREATOR_UID
Hi Eric,
On 12/22/2016 01:27 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>
>> Hi Eric,
>>
>> On 12/21/2016 01:17 AM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" <mtk.ma
Hi Eric,
On 12/22/2016 01:27 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Eric,
>>
>> On 12/21/2016 01:17 AM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
>>&
Hi Andrei,
On 12/21/2016 04:13 AM, Andrei Vagin wrote:
> On Mon, Dec 19, 2016 at 03:38:35PM +0100, Michael Kerrisk (man-pages) wrote:
>> # Some open questions about this patch below.
>> #
>> One of the rules regarding capabilities is:
>>
>> A process that
Hi Andrei,
On 12/21/2016 04:13 AM, Andrei Vagin wrote:
> On Mon, Dec 19, 2016 at 03:38:35PM +0100, Michael Kerrisk (man-pages) wrote:
>> # Some open questions about this patch below.
>> #
>> One of the rules regarding capabilities is:
>>
>> A process that
Hi Eric,
On 12/21/2016 01:17 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>
>> Hi Eric,
>>
>> On 12/20/2016 09:22 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" <mtk.ma
Hi Eric,
On 12/21/2016 01:17 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Eric,
>>
>> On 12/20/2016 09:22 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
>>>
Hi Eric,
On 12/20/2016 09:22 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>
>> Hello Eric,
>>
>> On 12/19/2016 11:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" <mtk
Hi Eric,
On 12/20/2016 09:22 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hello Eric,
>>
>> On 12/19/2016 11:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
>>>&
Hello Eric,
On 12/19/2016 11:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>
>> Eric,
>>
>> The code proposed in this patch series is pretty small. Is there any
>> chance we could make the 4.10 m
Hello Eric,
On 12/19/2016 11:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Eric,
>>
>> The code proposed in this patch series is pretty small. Is there any
>> chance we could make the 4.10 merge window, if the changes seem
.
If the supplied file descriptor does not refer to a user namespace,
the operation fails with the error EINVAL.
Signed-off-by: Michael Kerrisk <mtk-manpa...@gmail.com>
---
fs/nsfs.c | 6 ++
include/uapi/linux/nsfs.h | 8 +---
2 files changed, 11 insertions(+), 3 del
.
If the supplied file descriptor does not refer to a user namespace,
the operation fails with the error EINVAL.
Signed-off-by: Michael Kerrisk
---
fs/nsfs.c | 6 ++
include/uapi/linux/nsfs.h | 8 +---
2 files changed, 11 insertions(+), 3 deletions(-)
Open questions:
* Would
ace, I get the parent user namespace of Y, which is not
what I want).
This patch therefore adds a new ioctl(), NS_GET_NSTYPE, which, given
a file descriptor that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).
Signed-off-by: Michael Kerrisk <mtk-manpa
ace, I get the parent user namespace of Y, which is not
what I want).
This patch therefore adds a new ioctl(), NS_GET_NSTYPE, which, given
a file descriptor that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).
Signed-off-by: Michael Kerrisk
---
.
Here's an example program that makes use of the new ioctl() operations.
8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---
/* ns_capable.c
(C) 2016 Michael Kerrisk, <mtk.manpa...@gmail.com>
Licensed under the GNU General Public License v2 or later.
*/
#d
.
Here's an example program that makes use of the new ioctl() operations.
8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---
/* ns_capable.c
(C) 2016 Michael Kerrisk,
Licensed under the GNU General Public License v2 or later.
*/
#define _GNU_SOURCE
#include
#include
On 12/16/2016 09:10 PM, Serge E. Hallyn wrote:
> Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
>> On 12/16/2016 01:44 AM, Casey Schaufler wrote:
>>> On 12/15/2016 4:31 PM, John Stultz wrote:
>>>> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler
>&
On 12/16/2016 09:10 PM, Serge E. Hallyn wrote:
> Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
>> On 12/16/2016 01:44 AM, Casey Schaufler wrote:
>>> On 12/15/2016 4:31 PM, John Stultz wrote:
>>>> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler
>&
Hello David,
On 12/15/2016 11:10 AM, David Howells wrote:
> Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote:
>
>>>│Is 'keyring' allowed to be 0? Reading the source, it │
>>>│appears so. In this case, by default, the
Hello David,
On 12/15/2016 11:10 AM, David Howells wrote:
> Michael Kerrisk (man-pages) wrote:
>
>>>│Is 'keyring' allowed to be 0? Reading the source, it │
>>>│appears so. In this case, by default, the key is │
>>>│assign
Hi Willy,
On 12/17/2016 08:04 AM, Willy Tarreau wrote:
> Hi Michael,
>
> On Fri, Dec 16, 2016 at 12:08:33PM +0100, Michael Kerrisk (man-pages) wrote:
>> Hello Willy,
>>
>> Your commit 712f4aad406bb1 ("unix: properly account for FDs passed over
>> un
Hi Willy,
On 12/17/2016 08:04 AM, Willy Tarreau wrote:
> Hi Michael,
>
> On Fri, Dec 16, 2016 at 12:08:33PM +0100, Michael Kerrisk (man-pages) wrote:
>> Hello Willy,
>>
>> Your commit 712f4aad406bb1 ("unix: properly account for FDs passed over
>> un
On 12/15/2016 09:40 PM, Casey Schaufler wrote:
> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote:
>> Hello Casey,
>>
>> On 12/15/2016 05:29 PM, Casey Schaufler wrote:
>>> On 12/15/2016 3:40 AM, Michael Kerrisk (man-pages) wrote:
[...]
>>>
On 12/15/2016 09:40 PM, Casey Schaufler wrote:
> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote:
>> Hello Casey,
>>
>> On 12/15/2016 05:29 PM, Casey Schaufler wrote:
>>> On 12/15/2016 3:40 AM, Michael Kerrisk (man-pages) wrote:
[...]
>>>
On 12/16/2016 01:44 AM, Casey Schaufler wrote:
> On 12/15/2016 4:31 PM, John Stultz wrote:
>> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler
>> <ca...@schaufler-ca.com> wrote:
>>> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote:
>>>> On
On 12/16/2016 01:44 AM, Casey Schaufler wrote:
> On 12/15/2016 4:31 PM, John Stultz wrote:
>> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler
>> wrote:
>>> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote:
>>>> On 12/15/2016 05:29 PM, Casey Schaufl
the RLIMIT_NOFILE
resource limit.
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
the RLIMIT_NOFILE
resource limit.
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
Hello Casey,
On 12/15/2016 05:29 PM, Casey Schaufler wrote:
> On 12/15/2016 3:40 AM, Michael Kerrisk (man-pages) wrote:
>> Hello all,
>>
>> Because the topic every now then comes up "which capability
>> should I associate with the new feature that I'm adding to
&
Hello Casey,
On 12/15/2016 05:29 PM, Casey Schaufler wrote:
> On 12/15/2016 3:40 AM, Michael Kerrisk (man-pages) wrote:
>> Hello all,
>>
>> Because the topic every now then comes up "which capability
>> should I associate with the new feature that I'm adding to
&
use" capability. Thus, for example, the addition
of the highly specific CAP_WAKE_ALARM was probably a mistake.
Instead, try to identify and name your new capability as a
broader silo into which other related future use cases might
fit.
--
Michael
use" capability. Thus, for example, the addition
of the highly specific CAP_WAKE_ALARM was probably a mistake.
Instead, try to identify and name your new capability as a
broader silo into which other related future use cases might
fit.
--
Michael
On 12/15/2016 01:46 AM, Andrei Vagin wrote:
> On Sun, Dec 11, 2016 at 12:54:56PM +0100, Michael Kerrisk (man-pages) wrote:
>> [was: [PATCH 0/4 v3] Add an interface to discover relationships
>> between namespaces]
>>
>> Hello Andrei
>>
>> See below for my att
On 12/15/2016 01:46 AM, Andrei Vagin wrote:
> On Sun, Dec 11, 2016 at 12:54:56PM +0100, Michael Kerrisk (man-pages) wrote:
>> [was: [PATCH 0/4 v3] Add an interface to discover relationships
>> between namespaces]
>>
>> Hello Andrei
>>
>> See below for my att
Hi David,
Might you also have a chance to take a look at this page?
Cheers,
Michael
On 4 November 2016 at 16:45, Michael Kerrisk (man-pages)
<mtk.manpa...@gmail.com> wrote:
> Hi David (and anyone else with an interest to review)
>
> Triggered by Eugene Syromyatnikov
Hi David,
Might you also have a chance to take a look at this page?
Cheers,
Michael
On 4 November 2016 at 16:45, Michael Kerrisk (man-pages)
wrote:
> Hi David (and anyone else with an interest to review)
>
> Triggered by Eugene Syromyatnikov's recent input for the keyctl(2)
> ma
On 12/12/2016 07:18 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>
>> On 12/11/2016 11:30 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>&
On 12/12/2016 07:18 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> On 12/11/2016 11:30 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
>>>> [was: [PATCH 0/4 v3] Add an interface
On 12/13/2016 03:20 PM, David Howells wrote:
> Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote:
>
>> The payload data may be stored in a tmpfs filesystem,
>> rather than in kernel memory, if the data size exceeds the
&
On 12/13/2016 03:20 PM, David Howells wrote:
> Michael Kerrisk (man-pages) wrote:
>
>> The payload data may be stored in a tmpfs filesystem,
>> rather than in kernel memory, if the data size exceeds the
>> over
On 12/13/2016 02:38 PM, David Howells wrote:
> Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote:
>
>> So, I've updated this piece a couple of times since the draft that you
>> reviewed, and by now it reads:
>>
>>"big_key" (si
On 12/13/2016 02:38 PM, David Howells wrote:
> Michael Kerrisk (man-pages) wrote:
>
>> So, I've updated this piece a couple of times since the draft that you
>> reviewed, and by now it reads:
>>
>>"big_key" (since Linux 3.13)
>>
Hi David,
On 12/13/2016 02:31 PM, David Howells wrote:
> Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote:
>
>> I use/Linux man-pages uses the "Oxford comma" convention.
>
> "... an optional comma ..." ;-)
>
> There's also:
>
Hi David,
On 12/13/2016 02:31 PM, David Howells wrote:
> Michael Kerrisk (man-pages) wrote:
>
>> I use/Linux man-pages uses the "Oxford comma" convention.
>
> "... an optional comma ..." ;-)
>
> There's also:
>
> ... LSM secur
Hello David,
Amended a piece here after Eugene's note about encrypted keys.
On 13 December 2016 at 13:43, Michael Kerrisk (man-pages)
<mtk.manpa...@gmail.com> wrote:
> Hi David,
>
> On 12/13/2016 12:35 PM, David Howells wrote:
>> Michael Kerrisk <m...@man7.org> wr
Hello David,
Amended a piece here after Eugene's note about encrypted keys.
On 13 December 2016 at 13:43, Michael Kerrisk (man-pages)
wrote:
> Hi David,
>
> On 12/13/2016 12:35 PM, David Howells wrote:
>> Michael Kerrisk wrote:
>>
>>>
Hi Eugene,
On 13 December 2016 at 13:06, Eugene Syromyatnikov <evg...@gmail.com> wrote:
> On Tue, Dec 13, 2016 at 11:49 AM, Michael Kerrisk (man-pages)
> <mtk.manpa...@gmail.com> wrote:
>> On 13 December 2016 at 12:37, David Howells <dhowe...@redhat.com> wrote:
Hi Eugene,
On 13 December 2016 at 13:06, Eugene Syromyatnikov wrote:
> On Tue, Dec 13, 2016 at 11:49 AM, Michael Kerrisk (man-pages)
> wrote:
>> On 13 December 2016 at 12:37, David Howells wrote:
>>> Michael Kerrisk (man-pages) wrote:
>>>
>>
Hi David,
On 12/13/2016 12:35 PM, David Howells wrote:
> Michael Kerrisk <m...@man7.org> wrote:
>
>>The Linux key-management facility is primarily a way for driv‐
>>ers to retain or cache security data, authentication keys,
>>e
Hi David,
On 12/13/2016 12:35 PM, David Howells wrote:
> Michael Kerrisk wrote:
>
>>The Linux key-management facility is primarily a way for driv‐
>>ers to retain or cache security data, authentication keys,
>>encryption keys, and
On 13 December 2016 at 12:37, David Howells <dhowe...@redhat.com> wrote:
> Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote:
>
>> > "stored encrypted in swap space".
>>
>> Fixed.
>
> Since 4.8, that is.
Which commit was that? I c
On 13 December 2016 at 12:37, David Howells wrote:
> Michael Kerrisk (man-pages) wrote:
>
>> > "stored encrypted in swap space".
>>
>> Fixed.
>
> Since 4.8, that is.
Which commit was that? I could not find it?
--
Michael Kerrisk
Linux man-pages main
Hello David
Thanks for the review!
On 12/13/2016 11:58 AM, David Howells wrote:
> Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote:
>
>>The destination keyring serial number may be that of a valid
>>keyring for which the caller has wri
Hello David
Thanks for the review!
On 12/13/2016 11:58 AM, David Howells wrote:
> Michael Kerrisk (man-pages) wrote:
>
>>The destination keyring serial number may be that of a valid
>>keyring for which the caller has write permission, or it ma
mp;&
> !uid_eq(cred->euid, tcred->uid) &&
> - !uid_eq(cred->euid, tcred->suid))
> + !uid_eq(cred->euid, tcred->suid) &&
> + !ns_capable(tcred->user_ns, CAP_CGROUP_MIGRATE))
> ret = -EACCES;
>
> if (!ret && cgroup_on_dfl(dst_cgrp)) {
> --
> 2.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-api" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
ed->suid) &&
> + !ns_capable(tcred->user_ns, CAP_CGROUP_MIGRATE))
> ret = -EACCES;
>
> if (!ret && cgroup_on_dfl(dst_cgrp)) {
> --
> 2.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-api" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
On 12/11/2016 11:30 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>
>> [was: [PATCH 0/4 v3] Add an interface to discover relationships
>> between namespaces]
>
> One small comment below.
>
>
On 12/11/2016 11:30 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> [was: [PATCH 0/4 v3] Add an interface to discover relationships
>> between namespaces]
>
> One small comment below.
>
>>
>>Introspecting names
in this release that may be of interest
to readers on LKML is shown below.
Cheers,
Michael
Changes in man-pages-4.09
New and rewritten pages
---
pkey_alloc.2
Dave Hansen [Michael Kerrisk]
New page documenting pkey_alloc(2
in this release that may be of interest
to readers on LKML is shown below.
Cheers,
Michael
Changes in man-pages-4.09
New and rewritten pages
---
pkey_alloc.2
Dave Hansen [Michael Kerrisk]
New page documenting pkey_alloc(2
[Fixing Serge's address in my original CC]
On 12/11/2016 11:30 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>
>> [was: [PATCH 0/4 v3] Add an interface to discover relationships
>> between namesp
[Fixing Serge's address in my original CC]
On 12/11/2016 11:30 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> [was: [PATCH 0/4 v3] Add an interface to discover relationships
>> between namespaces]
>
> One small comment below.
&
perror("ioctl-NS_GET_PARENT");
exit(EXIT_FAILURE);
}
if (fstat(parent_fd, ) == -1) {
perror("fstat-parentns");
exit(EXIT_FAILURE);
}
printf("Inode number of parent namespace is: %ld\n",
(long) sb.st_ino);
close(parent_fd);
}
exit(EXIT_SUCCESS);
}
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
quot;);
exit(EXIT_FAILURE);
}
if (fstat(parent_fd, ) == -1) {
perror("fstat-parentns");
exit(EXIT_FAILURE);
}
printf("Inode number of parent namespace is: %ld\n",
(long) sb.st_ino);
close(parent_fd);
}
exit(EXIT_SUCCESS);
}
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
ferent terminal
windows, each of whose jobs are tied to different autogroups),
modifying the nice value of the process in one of the sessions has
no effect in terms of the scheduler's decisions relative to the
process in the other session.
--
Michael Kerrisk
Lin
ferent terminal
windows, each of whose jobs are tied to different autogroups),
modifying the nice value of the process in one of the sessions has
no effect in terms of the scheduler's decisions relative to the
process in the other session.
--
Michael Kerrisk
Lin
Hi Peter,
On 29 November 2016 at 12:46, Peter Zijlstra <pet...@infradead.org> wrote:
> On Tue, Nov 29, 2016 at 08:43:33AM +0100, Michael Kerrisk (man-pages) wrote:
>> >
>> > In any case, for the case of autogroup, the behaviour has always been,
>
Hi Peter,
On 29 November 2016 at 12:46, Peter Zijlstra wrote:
> On Tue, Nov 29, 2016 at 08:43:33AM +0100, Michael Kerrisk (man-pages) wrote:
>> >
>> > In any case, for the case of autogroup, the behaviour has always been,
>> > autogroups came quite late.
>>
&g
[Resending because of bounces from the lists. (Somehow my mailer
messed up the MIME labeling)]
Hi Mike,
On 11/28/2016 02:46 AM, Mike Galbraith wrote:
> On Sun, 2016-11-27 at 22:13 +0100, Michael Kerrisk (man-pages) wrote:
>
>> Here's my attempt to define the roo
[Resending because of bounces from the lists. (Somehow my mailer
messed up the MIME labeling)]
Hi Mike,
On 11/28/2016 02:46 AM, Mike Galbraith wrote:
> On Sun, 2016-11-27 at 22:13 +0100, Michael Kerrisk (man-pages) wrote:
>
>> Here's my attempt to define the roo
Hi Peter,
On 11/25/2016 10:49 PM, Peter Zijlstra wrote:
> On Fri, Nov 25, 2016 at 09:54:05PM +0100, Michael Kerrisk (man-pages) wrote:
>> So, part of what I was struggling with was what you meant by cfs-cgroup.
>> Do you mean the CFS bandwidth control features added in Linux 3.2?
Hi Peter,
On 11/25/2016 10:49 PM, Peter Zijlstra wrote:
> On Fri, Nov 25, 2016 at 09:54:05PM +0100, Michael Kerrisk (man-pages) wrote:
>> So, part of what I was struggling with was what you meant by cfs-cgroup.
>> Do you mean the CFS bandwidth control features added in Linux 3.2?
Hi Mike,
On 11/23/2016 04:33 PM, Mike Galbraith wrote:
> On Wed, 2016-11-23 at 14:54 +0100, Michael Kerrisk (man-pages) wrote:
>> Hi Mike,
[...]
>> Actually, can you define for me what the root task group is, and
>> why it exists? That may be worth some words in this m
Hi Mike,
On 11/23/2016 04:33 PM, Mike Galbraith wrote:
> On Wed, 2016-11-23 at 14:54 +0100, Michael Kerrisk (man-pages) wrote:
>> Hi Mike,
[...]
>> Actually, can you define for me what the root task group is, and
>> why it exists? That may be worth some words in this m
601 - 700 of 2778 matches
Mail list logo