Re: [RFC v2 PATCH 3/8] fs: Treat foreign mounts as nosuid

Hi, On Thu, May 05, 2016 at 08:05:08AM -0500, Seth Forshee wrote: > On Wed, May 04, 2016 at 11:19:04PM +, Serge Hallyn wrote: > > Quoting Djalal Harouni (tix...@gmail.com): > > > If a process gets access to a mount from a different user > > > namespace, that process should not be able to take

Re: [RFC v2 PATCH 3/8] fs: Treat foreign mounts as nosuid

On Wed, May 04, 2016 at 11:19:04PM +, Serge Hallyn wrote: > Quoting Djalal Harouni (tix...@gmail.com): > > If a process gets access to a mount from a different user > > namespace, that process should not be able to take advantage of > > setuid files or selinux entrypoints from that filesystem.

Re: [RFC v2 PATCH 3/8] fs: Treat foreign mounts as nosuid

Quoting Djalal Harouni (tix...@gmail.com): > If a process gets access to a mount from a different user > namespace, that process should not be able to take advantage of > setuid files or selinux entrypoints from that filesystem. Prevent > this by treating mounts from other mount namespaces and tho

[RFC v2 PATCH 3/8] fs: Treat foreign mounts as nosuid

If a process gets access to a mount from a different user namespace, that process should not be able to take advantage of setuid files or selinux entrypoints from that filesystem. Prevent this by treating mounts from other mount namespaces and those not owned by current_user_ns() or an ancestor as