Re: [PATCHv3 1/2] capability: introduce sysctl for controlled user-ns capability whitelist

2018-01-02 Thread महेश बंडेवार
On Sat, Dec 30, 2017 at 12:50 AM, Michael Kerrisk (man-pages) wrote:
> Hello Mahesh,
>
> On 12/05/2017 11:31 PM, Mahesh Bandewar wrote:
>> From: Mahesh Bandewar
>>
>> Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
>> takes input as capability mask expressed as two comma

Re: [PATCHv3 1/2] capability: introduce sysctl for controlled user-ns capability whitelist

2017-12-30 Thread Michael Kerrisk (man-pages)
Hello Mahesh,

On 12/05/2017 11:31 PM, Mahesh Bandewar wrote:
> From: Mahesh Bandewar
>
> Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
> takes input as capability mask expressed as two comma separated hex
> u32 words. The mask, however, is stored in kernel as kernel_cap_t

Re: [PATCHv3, 1/2] capability: introduce sysctl for controlled user-ns capability whitelist

2017-12-15 Thread Iago López Galeiras
On 12/05/2017 11:31 PM, Mahesh Bandewar wrote: > +The value is expressed as two comma separated hex words (u32). This > +sysctl is avaialble in init-ns and users with CAP_SYS_ADMIN in init-ns > +are allowed to make changes. Typo: avaialble -> available
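Review bot: The added documentation line "The value is expressed as two comma separated hex words (u32)" does not say which of the two words carries the low 32 capability bits and which the high 32. State the order explicitly and include one example value, so that an administrator writing this sysctl cannot end up allowing a different set of capabilities by swapping the words.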

[PATCHv3 1/2] capability: introduce sysctl for controlled user-ns capability whitelist

2017-12-05 Thread Mahesh Bandewar
From: Mahesh Bandewar

Add a sysctl variable kernel.controlled_userns_caps_whitelist. This takes input as capability mask expressed as two comma separated hex u32 words. The mask, however, is stored in kernel as kernel_cap_t type. Any capabilities that are not part of this mask will be