Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Eric W. Biederman (ebied...@xmission.com):
>
> >> A child user namespace having capabilities against processes in it's
> >> parent seems totally bizarre and pretty dangerous from a capabilities
> >> stan
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> A child user namespace having capabilities against processes in it's
>> parent seems totally bizarre and pretty dangerous from a capabilities
>> standpoint.
>
> How would it have them against its parent?
init_user
Linus Torvalds writes:
> On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
> wrote:
>>
>> That said Serge I think I have lost track of the point of your question.
>
> .. and I'm a bit unsure what I should do about this all. Including
> pulling the pull request that actually can make this all m
Quoting Linus Torvalds (torva...@linux-foundation.org):
> On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
> wrote:
> >
> > That said Serge I think I have lost track of the point of your question.
>
> .. and I'm a bit unsure what I should do about this all. Including
> pulling the pull request
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
Note: I acked your patch before and still don't object to it.
> > In which case it would be
> >
> >child_user_ns1 [10-19]
> >child_user_ns2 [10-19]
> > child_user_ns3 [12000
On Fri, Dec 14, 2012 at 10:43 AM, Linus Torvalds
wrote:
> On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
> wrote:
>>
>> That said Serge I think I have lost track of the point of your question.
>
> .. and I'm a bit unsure what I should do about this all. Including
> pulling the pull request t
On Fri, Dec 14, 2012 at 10:12 AM, Eric W. Biederman
wrote:
>
> That said Serge I think I have lost track of the point of your question.
.. and I'm a bit unsure what I should do about this all. Including
pulling the pull request that actually can make this all matter.
Hmm? Any consensus?
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> "Serge E. Hallyn" writes:
>>
>> > Quoting Eric W. Biederman (ebied...@xmission.com):
>> >> "Serge E. Hallyn" writes:
>> >>
>> >> > Quoting Eric W. Biederman (ebied...@xmission.com):
>> >> >>
>> >> >> Andy Lutom
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Eric W. Biederman (ebied...@xmission.com):
> >> "Serge E. Hallyn" writes:
> >>
> >> > Quoting Eric W. Biederman (ebied...@xmission.com):
> >> >>
> >> >> Andy Lutomirski pointed out that the current beh
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> "Serge E. Hallyn" writes:
>>
>> > Quoting Eric W. Biederman (ebied...@xmission.com):
>> >>
>> >> Andy Lutomirski pointed out that the current behavior of allowing the
>> >> owner of a user namespace to have all c
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Eric W. Biederman (ebied...@xmission.com):
> >>
> >> Andy Lutomirski pointed out that the current behavior of allowing the
> >> owner of a user namespace to have all caps when that owner is not in a
> >>
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>>
>> Andy Lutomirski pointed out that the current behavior of allowing the
>> owner of a user namespace to have all caps when that owner is not in a
>> parent user namespace is wrong.
>
> To make sure I understand ri
Quoting Eric W. Biederman (ebied...@xmission.com):
>
> Andy Lutomirski pointed out that the current behavior of allowing the
> owner of a user namespace to have all caps when that owner is not in a
> parent user namespace is wrong.
To make sure I understand right, the issue is when a uid is mappe
On Thu, Dec 13, 2012 at 6:33 PM, Eric W. Biederman
wrote:
>
> Andy thank you for your review.
>
> Andy Lutomirski writes:
>> This is confusing enough that I can't immediately tell whether it's
>> correct. I think it's close but out of order.
>
> Yeah. That is the trick. Figuring out how to writ
Andy thank you for your review.
Andy Lutomirski writes:
> This is confusing enough that I can't immediately tell whether it's
> correct. I think it's close but out of order.
Yeah. That is the trick. Figuring out how to write that code so it is
correct and obvious.
I have added a comment at t
On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
wrote:
>
> Andy Lutomirski pointed out that the current behavior of allowing the
> owner of a user namespace to have all caps when that owner is not in a
> parent user namespace is wrong.
>
> This is a bug introduced by the kuid conversion which m
Linus Torvalds writes:
> On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
> wrote:
>>
>> Andy Lutomirski pointed out that the current behavior of allowing the
>> owner of a user namespace to have all caps when that owner is not in a
>> parent user namespace is wrong.
>>
>> This is a bug introd
On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
wrote:
>
> Andy Lutomirski pointed out that the current behavior of allowing the
> owner of a user namespace to have all caps when that owner is not in a
> parent user namespace is wrong.
>
> This is a bug introduced by the kuid conversion which m
Andy Lutomirski pointed out that the current behavior of allowing the
owner of a user namespace to have all caps when that owner is not in a
parent user namespace is wrong.
This is a bug introduced by the kuid conversion which made it possible
for the owner of a user namespace to live in a child
19 matches
Mail list logo