Steven Rostedt writes:
> 3.6.11.2 stable review patch.
> If anyone has any objections, please let me know.
Mounting only with privilege in the user namespace only dates
back to 3.8 so this is not needed in 3.6.
Not that it should do any harm.
Eric
> --
>
>
oesn't seem to be much point
in backporting this one.
Eric
> --
>
> From: "Eric W. Biederman"
>
> [ Upstream commit 90563b198e4c6674c63672fae1923da467215f45 ]
>
> When a read-only bind mount is copied from mount namespace in a higher
> privil
Al Viro writes:
> On Fri, Apr 05, 2013 at 05:29:32AM +0100, Al Viro wrote:
>> 4) nasty semantics issue - mmap() vs. revoke (of any sort, including
>> remove_proc_entry(), etc.). Suppose a revokable file had been mmapped;
>> now it's going away. What should we do to its VMAs? Right now sysfs
>>
im through the uses no problem cases stick out, nor
can I think of anything that would cause trouble. This looks like a
good patch.
Acked-by: "Eric W. Biederman"
> Reported-by: Andrey Vagin
> Signed-off-by: Oleg Nesterov
>
> --- x/kernel/exit.c
> +++ x/kernel/exit
"H. Peter Anvin" writes:
> On 05/15/2013 02:05 AM, HATAYAMA Daisuke wrote:
>> Currently, read to /proc/vmcore is done by read_oldmem() that uses
>> ioremap/iounmap per a single page. For example, if memory is 1GB,
>> ioremap/iounmap is called (1GB / 4KB)-times, that is, 262144
>> times. This caus
"H. Peter Anvin" writes:
> On 05/16/2013 07:53 PM, Eric W. Biederman wrote:
>>
>> That is completely and totally orthogonal to this change.
>>
>> read_oldmem may have problems but in practice on a large systems those
>> problems are totally dwarfe
Chen Gang wrote:
>
>If neither CONFIG_BUG nor HAVE_ARCH_BUG is defined, the BUG() will
>defined as empty (e.g. randconfig with MMU for arm s5pv210)
>
>In this case, need 'return NULL' to let upper caller knows the failure.
Seriously? The correct fix it would seem is to give a useful default B
Andrew Morton writes:
> Guys, can we please get some review attention to this?
I think my original reply got lost.
The review was nack.
I don't see anything in this patch that makes this any more palatable
than any other time this idea has come up.
It is perfectly possible in the kexec on pan
Stanislav Kinsbursky writes:
> Usermode helper executes all binaries in global "init" root context. This
> doesn't allow to call a binary from other root context (for example in a
> container).
> Currently, both containerized NFS client and NFS server requires an ability to
> execute a binary in
ebied...@xmission.com (Eric W. Biederman) writes:
> I am missing a lot of context here and capturing the context of a
> process at time time we mount the filesystem and reconstituing it in
> call user mode helper seems like something we could do.
If we want to do something like this
"J. Bruce Fields" writes:
> On Wed, May 22, 2013 at 11:35:56AM -0700, Eric W. Biederman wrote:
>> ebied...@xmission.com (Eric W. Biederman) writes:
>>
>> > I am missing a lot of context here and capturing the context of a
>> > process at time time we m
Stanislav Kinsbursky writes:
> 22.05.2013 21:33, Eric W. Biederman пишет:
>> Stanislav Kinsbursky writes:
>>
>>> Usermode helper executes all binaries in global "init" root context. This
>>> doesn't allow to call a binary from other root context
"J. Bruce Fields" writes:
> On Thu, May 23, 2013 at 03:55:47PM -0400, J. Bruce Fields wrote:
>> On Thu, May 23, 2013 at 09:05:26AM -0400, Jeff Layton wrote:
>> > What might help most here is to lay out a particular scenario for how
>> > you envision setting up knfsd in a container so we can ensur
Vivek Goyal writes:
> On Fri, May 24, 2013 at 05:06:26PM +0200, Michael Holzheu wrote:
>> Hello Vivek,
>>
>> On Fri, 24 May 2013 10:36:44 -0400
>> Vivek Goyal wrote:
>>
>> [snip]
>>
>> > Sorry, I don't understand the problem. If we swapped low memory and
>> > crash reserved memory, that shoul
Zhang Yanfei writes:
> Hello Eric,
>
>> The function copy_oldmem_page also concerns me. I don't have a clue why
>> we duplicate that function on every architecutre in a slightly different
>> form. There should be enough abstractions in the kernel to make that
>> unnecessary. I would be glad to
Zhang Yanfei writes:
> 于 2013年05月25日 11:01, Eric W. Biederman 写道:
>> Zhang Yanfei writes:
>>
>>> Hello Eric,
>>>
>>>> The function copy_oldmem_page also concerns me. I don't have a clue why
>>>> we duplicate that function on every
Zhang Yanfei writes:
> From: Zhang Yanfei
Won't we want to keep this reservation around to so that this number
doesn't get reused, and cause people confusion when
upgrading/downgrading kernels?
> Signed-off-by: Zhang Yanfei
> Cc: Dave Jones
> ---
> Documentation/devices.txt |2 --
> 1 f
tectures.
Except for the devices.txt update.
Acked-by: "Eric W. Biederman"
> Zhang Yanfei (7):
> /dev/oldmem: Remove this interface
> Documentation/devices.txt: Remove /dev/oldmem description
> Documentation/kdump/kdump.txt: Remove /dev/oldmem description
> mips:
>
>Should we schedule the removal of this interface after 1-2 releases
>and give a warning once if anybody opens /dev/oldmem and tell them
>to use /proc/vmcore instead?
How can anyone use /dev/oldmem correctly? To the best of
my knowledge there are no parsers of the ELF header passed
by /sbin
Zhang Yanfei writes:
> From: Zhang Yanfei
>
> Signed-off-by: Zhang Yanfei
> Cc: Dave Jones
> ---
> Documentation/devices.txt |3 +--
> 1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/devices.txt b/Documentation/devices.txt
> index 08f01e7..c8e4002 100644
>
Oleg Nesterov writes:
> proc_task_readdir() verifies that the result of get_proc_task()
> is pid_alive() and thus its ->group_leader is fine too. However
> this is not necessarily true after rcu_read_unlock(), we need
> to recheck this after first_tid() does rcu_read_lock() again.
I agree with y
Oleg Nesterov writes:
> proc_task_readdir() does not really need "leader", first_tid()
> has to revalidate it anyway. Just pass proc_pid(inode) to
> first_tid() instead, it can do pid_task(PIDTYPE_PID) itself
> and read ->group_leader only if necessary.
>
> Note: I am not sure proc_task_readdir()
lockless usage is wrong.
>
> I was going to send more changes, but this initial series nearly
> killed me. And I think first_tid() needs another cleanup, ->f_pos
> truncation doesn't look nice, tomorrow.
I have made some comments but overall this looks like a good set of
clea
Over the last little while I have been working to correct a design
oversight in user namespaces, that probably needs to be documented
somewhere, and the fixes for the worst of the oversight have been
merged.
The problem was I forgot to consider what when there are shared
resources and root uses t
"Michael Kerrisk (man-pages)" writes:
> On Wed, Mar 6, 2013 at 1:40 AM, Eric W. Biederman
> wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>
>>> On Tue, Mar 5, 2013 at 7:41 AM, Eric W. Biederman
>>> wrote:
>>>> "
Li Zefan writes:
> Cc: sasha.le...@oracle.com
> Cc: "Eric W. Biederman"
> Cc: container
>
> This is a second report... and the same address: 0xfff0
Actually this is the third report I have seen with that address, and the
others were on x86_64.
The obviou
Thanks applied.
This is an unpleasant accidental memory leak.
Eric
Rakib Mullick writes:
> From cd41495e25cf2641ffe9e01a40d3d221a46b08be Mon Sep 17 00:00:00 2001
> From: Rakib Mullick
> Date: Thu, 7 Mar 2013 14:52:20 +0600
> Subject: [PATCH] nsproxy: Fix ->nsproxy counting problem in copy_n
Fengguang Wu writes:
> Greetings,
>
> I got the below oops and the first bad commit is
Doh! On a second look that change is totally wrong. Of course we need
to up the ref-count every time we create a new process. Especially if
we don't do anything with namespaces.
I was looking at it from th
Sasha Levin writes:
> On 03/07/2013 12:46 PM, Eric Dumazet wrote:
>> On Thu, 2013-03-07 at 12:36 -0500, Sasha Levin wrote:
>>
>>> Looks like the hlist change is probably the issue, though it specifically
>>> uses:
>>>
>>> #define hlist_entry_safe(ptr, type, member) \
>>> (ptr) ?
Sasha Levin writes:
> On 03/07/2013 01:05 PM, ebied...@xmission.com wrote:
>> Sasha Levin writes:
>>
>>> On 03/07/2013 12:46 PM, Eric Dumazet wrote:
On Thu, 2013-03-07 at 12:36 -0500, Sasha Levin wrote:
> Looks like the hlist change is probably the issue, though it specifically
>>
Vivek Goyal writes:
> On Thu, Mar 07, 2013 at 10:58:18PM +0800, Jingbai Ma wrote:
>> This patch intend to speedup the memory pages scanning process in
>> selective dump mode.
>>
>> Test result (On HP ProLiant DL980 G7 with 1TB RAM, makedumpfile
>> v1.5.3):
>>
>>
Rakib Mullick writes:
> On 3/7/13, Eric W. Biederman wrote:
>> Fengguang Wu writes:
>>
>>> Greetings,
>>>
>>> I got the below oops and the first bad commit is
>>
>> Doh! On a second look that change is totally wrong. Of course we need
>
"Ma, Jingbai (Kingboard)" writes:
> On 3/8/13 6:33 PM, "H. Peter Anvin" wrote:
>
>
>>On 03/08/2013 02:06 AM, Jingbai Ma wrote:
>>>
>>> Kernel do have some abilities that user space haven't. It's possible to
>>> map whole memory space of the first kernel into user space on the second
>>> kernel.
Vivek Goyal writes:
> On Thu, Mar 07, 2013 at 01:54:45PM -0800, Eric W. Biederman wrote:
>> Vivek Goyal writes:
>> > I think this is not a good idea. It has several issues.
>>
>> Actually it does not appear to be doing any work in the first kernel.
>
> Looks
Dave Jones writes:
> On Fri, Mar 08, 2013 at 09:56:31PM -0500, Dave Jones wrote:
> > On Fri, Mar 08, 2013 at 09:26:23PM -0500, Dave Jones wrote:
> > > On Fri, Mar 08, 2013 at 06:08:52PM -0800, Linus Torvalds wrote:
> > > > On Fri, Mar 8, 2013 at 6:03 PM, Dave Jones wrote:
> > > > >
> >
Dave Jones writes:
> On Fri, Mar 08, 2013 at 07:16:09PM -0800, Linus Torvalds wrote:
> > Goodie. Your bug reports gave me heartburn. But it sounds like we have an
> > angle on all of the ones you've seen now?
> >
> > Or have I forgotten about some case?
>
> To be honest I've lost track of
Dave Jones writes:
> On Fri, Mar 08, 2013 at 07:38:33PM -0800, Eric W. Biederman wrote:
> > Dave Jones writes:
> >
> > > On Fri, Mar 08, 2013 at 07:16:09PM -0800, Linus Torvalds wrote:
> > > > Goodie. Your bug reports gave me heartburn. But it sounds l
Rakib Mullick writes:
> On Fri, Mar 8, 2013 at 10:01 PM, Eric W. Biederman
> wrote:
>>
>> When a new task is created one of two things needs to happen.
>> A) A reference count needs to be added to the current nsproxy.
>> B) B a new nsproxy needs to be created.
Greg KH writes:
> On Sun, Mar 10, 2013 at 04:53:11PM +0800, Ming Lei wrote:
>> On Sun, Mar 10, 2013 at 12:36 AM, Tommi Rantala wrote:
>> > [ 40.089036] [] sysfs_get_dirent+0x39/0x80
>> > [ 40.089036] [] sysfs_remove_group+0x29/0x100
>> > [ 40.089036] [] blk_trace_remove_sysfs+0x14/0x20
Jingbai Ma writes:
> On 03/08/2013 11:52 PM, Vivek Goyal wrote:
>> On Thu, Mar 07, 2013 at 01:54:45PM -0800, Eric W. Biederman wrote:
>>> Vivek Goyal writes:
>>>
>>>> On Thu, Mar 07, 2013 at 10:58:18PM +0800, Jingbai Ma wrote:
>>>>> This pat
Arthur Marsh writes:
> Hi, I found that Linux kernel 3.9.0-rc2 would not mount a remote cifs
> filesystem, and ran a git bisect which identified the following
> commit:
>
> Is there a patch already present somewhere to fix this problem?
>
Grr. It was in linux-next for nearly a week and I checke
"H. Peter Anvin" writes:
> On 03/11/2013 11:50 AM, Yinghai Lu wrote:
>>>
>>> What is the purpose of reserving that kind of memory below 896 MB? If
>>> you have a 32-bit system, it will likely be useless since you are
>>> robbing the primary of most of lowmem, on a 64-bit system 896 MB is not
>>>
Kees Cook writes:
> On Mon, Mar 11, 2013 at 12:28 PM, Oleg Nesterov wrote:
>> On 03/11, Kees Cook wrote:
>>>
>>> When the new signal handlers are set up for a fork, the location of
>>> sa_restorer is not cleared, leaking a parent process's address space
>>> location to children. This allows for
"H. Peter Anvin" writes:
> On 03/11/2013 01:12 PM, Vivek Goyal wrote:
>>>
>>> Quite frankly the whole design seems to be held together with chewing
>>> gum. At the core, the problem is a tight coupling between kexec-tools
>>> version, kexec-tools options, and kernel command line options that hav
"Michael Kerrisk (man-pages)" writes:
> Li,
>
> Regarding your commit 923c7538236564c46ee80c253a416705321f13e3 , I
> plan to apply the following patch to the reboot(2) manual page. Does
> it look okay to you?
You have documented the behavior as of 3.4.
The change in 3.9 is to allow that same be
richard -rw- weinberger writes:
> On Fri, Mar 23, 2012 at 8:08 PM, Kees Cook wrote:
>> Notify get_robust_list users that the syscall is going away.
>>
>> Suggested-by: Thomas Gleixner
>> Signed-off-by: Kees Cook
>> ---
>
> I'm using this system call in an application and noticed that's marked
Alan Cox writes:
>> +uid=n[:m] Make all files appear to belong to uid n.
>> +Useful for e.g. removable media with fstab
>> +options 'user,uid=useruid'. The optional second
>> +uid m is actually w
Sasha Levin writes:
> On 08/02/2012 12:32 PM, Josh Triplett wrote:
>> What about using a C99 flexible array member? Kernel style prohibits
>> variable-length arrays, but I don't think the same rationale applies to
>> flexible array members.
>>
>> struct hash_table {
>> size_t count;
>> s
Sasha Levin writes:
> Heh, I've started working on it in April, and just returned to this. Didn't
> think about rebasing to something new.
>
> will fix - Thanks!
You might want to look at some of the work that Eric Dumazet has done in
the networking stack with rcu hashtables that can be resized
The solution is to use user namespaces and to only test ns_capable on the magic
reboot path.
For the 3.7 timeframe that should be a realistic solution.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More major
The permissions on the syscall were fixed them withR ptrace_may_access.
We have identified two legitimate use cases.
It looks like it is time for someone to generate the path to remove the
depreciation.
Who is up for writing and testing that patch?
Eric
--
To unsubscribe from this list: send
"Daniel P. Berrange" wrote:
>On Fri, Aug 03, 2012 at 05:45:40AM -0700, Eric W. Biederman wrote:
>> The solution is to use user namespaces and to only test ns_capable on
>the magic reboot path.
>>
>> For the 3.7 timeframe that should be a realistic solution.
&g
cremented?
- The magic is deep.
hash_get is named like a function but takes a piece of code to call
like only a macro can.
- uid_hash_find always bumped the reference count
but your uidhash_entry doesn't nor do all of the callers of
uidhash_entry bump the reference count.
Nack
Jan Ariyasu writes:
> The following set of patches enable network-namespaces for the SCTP protocol.
>
> The multitude of global parameters are stored in a net_generic
> structure, and the bulk of the patches enable the protocol to access
> the parameters on a per-namespace basis. The first five
atefuns.c | 208 ++---
net/sctp/socket.c | 29 +++--
net/sctp/ulpqueue.c | 18 ++-
17 files changed, 533 insertions(+), 400 deletions(-)
Eric W. Biederman (9):
sctp: Make the port hash table use struct net in it's key.
sctp: Make the endpoint hashtabl
to use in multiple network namespaces.
Signed-off-by: "Eric W. Biederman"
---
include/net/sctp/sctp.h|4 ++--
include/net/sctp/structs.h |1 +
net/sctp/socket.c | 22 +-
3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/includ
- Use struct net in the hash calculation
- Use sock_net(endpoint.base.sk) in the endpoint lookups.
- On receive calculate the network namespace from skb->dev.
Signed-off-by: "Eric W. Biederman"
---
include/net/sctp/sctp.h|4 ++--
include/net/sctp/structs.h |2
- Use struct net in the hash calculation
- Use sock_net(association.base.sk) in the association lookups.
- On receive calculate the network namespace from skb->dev.
- Pass struct net from receive down to the functions that actually
do the association lookup.
Signed-off-by: "Eric W. B
- Move the address lists into struct net
- Add per network namespace initialization and cleanup
- Pass around struct net so it is everywhere I need it.
- Rename all of the global variable references into references
to the variables moved into struct net
Signed-off-by: "Eric W. Bied
- Kill sctp_get_ctl_sock, it is useless now.
- Pass struct net where needed so net->sctp.ctl_sock is accessible.
Signed-off-by: "Eric W. Biederman"
---
include/net/netns/sctp.h |8 +++
include/net/sctp/sctp.h |1 -
net/sctp/input.c |4 +-
net/sc
The percpu sctp socket counter has nothing at all to do with the sctp
proc files, and having it in the wrong initialization is confusing,
and makes network namespace support a pain.
Signed-off-by: "Eric W. Biederman"
---
net/sctp/protocol.c | 13 +++--
1 files changed, 7
- Convert all of the files under /proc/net/sctp to be per
network namespace.
- Don't print anything for /proc/net/sctp/snmp except in
the initial network namespaces as the snmp counters still
have to be converted to be per network namespace.
Signed-off-by: "Eric W.
- Fix the sctp_af operations to work in all namespaces
- Enable sctp socket creation in all network namespaces.
Signed-off-by: "Eric W. Biederman"
---
net/sctp/ipv6.c | 12 ++--
net/sctp/protocol.c |8 +---
2 files changed, 11 insertions(+), 9 deletions(-)
di
Signed-off-by: "Eric W. Biederman"
---
include/net/netns/sctp.h |3 +
include/net/sctp/sctp.h |9 +--
net/sctp/associola.c |2 +-
net/sctp/chunk.c |2 +-
net/sctp/endpointola.c |2 +-
net/sctp/input.c | 22 +++---
net/sctp/ipv6.c
end of the day the effect is the same, but I think it matters a
great deal in how we think about things.
We have CAP_SYS_BOOT in the initial user namespace. We do have
permission to make the system call.
So I continue to see this patch the way it is current constructed as
broken.
Nacked-
Jan Ariyasu writes:
> Introduce data structures and break up module initialization and
> exit into subroutines with common functionality for namespace
> registration.
Jan there is an issue with the way your patch is orgainized. You create
a structure holding all of the variables before making a
Vlad Yasevich writes:
> Hi Eric
>
> Associations are looked up by ports, but then verifyed by addresses.
> Also, associations belong to sockets and simply validating the socket
> namespace should be sufficient.
True. Your set of patches isn't quite as likely to malfunction as it
looked at firs
Vlad Yasevich writes:
> On 08/06/2012 04:47 PM, David Miller wrote:
>> From: ebied...@xmission.com (Eric W. Biederman)
>> Date: Mon, 06 Aug 2012 12:50:46 -0700
>>
>>> Vlad Yasevich writes:
>>>
>>>
>>>> Hi Eric
>>>>
hen user namespaces are enabled which is currently impossible
in 3.6-rc1 :(
I have added the following fixup patch to my for-next branch of
user-namespace.git
From: "Eric W. Biederman"
Date: Fri, 3 Aug 2012 09:38:08 -0700
Subject: [PATCH] userns: Fix link restrictions to use uid_eq
Dan Luedtke writes:
> +/**
> + * struct lanyfs_opts - mount options
> + * @uid: userid of all files and directories
> + * @gid: grouid of all files and direcotries
> + * @dmask: directory mask
> + * @fmask: file mask
> +
Lennart Poettering writes:
> Heya,
>
> (sorry for the late reply)
>
> On 16.08.2012 22:00, Tejun Heo wrote:
>> On Thu, Aug 16, 2012 at 01:44:56PM -0400, a...@redhat.com wrote:
>
Attaching meta information to services, in an easily discoverable
way. For example, in systemd we create one
tem change.
Eric W. Biederman (15):
userns: Enable building of pf_key sockets when user namespace support is
enabled.
userns: Make credential debugging user namespace safe.
userns: Convert security/keys to the new userns infrastructure
userns: net: Call key_alloc with GLOBA
Enable building of pf_key sockets and user namespace support at the
same time. This combination builds successfully so there is no reason
to forbid it.
Signed-off-by: "Eric W. Biederman"
---
init/Kconfig |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/init
Cc: David Howells
Acked-by: Serge Hallyn
Signed-off-by: Eric W. Biederman
---
init/Kconfig |1 -
kernel/cred.c | 10 --
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index 448b701..fdabc51 100644
--- a/init/Kconfig
+++ b/init/Kconfig
ace of the opener of key status proc files.
Cc: linux-security-mod...@vger.kernel.org
Cc: keyri...@linux-nfs.org
Cc: David Howells
Signed-off-by: Eric W. Biederman
---
include/linux/key.h |9 ---
init/Kconfig |1 -
security/keys/internal.h |
the user namespace of the opener of the proc file.
Signed-off-by: Eric W. Biederman
---
include/linux/ipc.h |9 +
init/Kconfig|1 -
ipc/msg.c | 14 +-
ipc/sem.c | 13 -
ipc/shm.c | 19 +++
ipc
>From 088e7f2778bd228a4ce05f8dfaa4eb999e2207d2 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman"
Date: Fri, 25 May 2012 16:37:54 -0600
Subject:
In net/dns_resolver/dns_key.c and net/rxrpc/ar-key.c make them
work with user namespaces enabled where key_alloc takes kuids an
and gids
into bacct_add_task.
Cc: Balbir Singh
Signed-off-by: Eric W. Biederman
---
include/linux/tsacct_kern.h |8 ++--
init/Kconfig|1 -
kernel/taskstats.c | 23 +--
kernel/tsacct.c | 12 +++-
4 files changed
: Eric W. Biederman
---
drivers/connector/cn_proc.c | 18 ++
init/Kconfig|1 -
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index 3e92b7d..fce2000 100644
--- a/drivers/connector
Cc: Greg Kroah-Hartman
Acked-by: Serge Hallyn
Signed-off-by: Eric W. Biederman
---
fs/debugfs/inode.c | 26 ++
init/Kconfig |1 -
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 4733eab..36e2b66
- When tracing capture the kuid.
- When displaying the data to user space convert the kuid into the
user namespace of the process that opened the report file.
Cc: Steven Rostedt
Cc: Frederic Weisbecker
Cc: Ingo Molnar
Signed-off-by: Eric W. Biederman
---
init/Kconfig |1
Cc: dri-de...@lists.freedesktop.org
Acked-by: Serge Hallyn
Signed-off-by: Eric W. Biederman
---
drivers/gpu/drm/drm_fops.c |3 ++-
drivers/gpu/drm/drm_info.c |5 +++--
drivers/gpu/drm/drm_ioctl.c |4 ++--
include/drm/drmP.h |4 ++--
init/Kconfig|1
Cc: Joel Becker
Acked-by: Serge Hallyn
Signed-off-by: Eric W. Biederman
---
fs/configfs/inode.c |4 ++--
init/Kconfig|1 -
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/configfs/inode.c b/fs/configfs/inode.c
index 0074362..a9d35b0 100644
--- a/fs/configfs
Steven Rostedt writes:
> On Sat, 2012-08-25 at 17:04 -0700, Eric W. Biederman wrote:
>> - When tracing capture the kuid.
>> - When displaying the data to user space convert the kuid into the
>> user namespace of the process that opened the report file.
>>
>
&g
audit_gid_comparator.
The net result is that the audit subsystem now uses kuid_t and kgid_t whenever
possible making it almost impossible to confuse a raw uid_t with a kuid_t
preventing bugs.
Cc: Al Viro
Cc: Eric Paris
Cc: Paul Moore
Cc: David Miller
Cc: Greg Kroah-Hartman
Signed-off-by: Eric W
Evgeniy Polyakov writes:
> On Sat, Aug 25, 2012 at 05:02:59PM -0700, Eric W. Biederman
> (ebied...@xmission.com) wrote:
>>
>> - Only allow asking for events from the initial user and pid namespace,
>> where we generate the events in.
>>
>> - Convert k
Vyacheslav Dubeyko writes:
> HI,
>
> On Aug 26, 2012, at 3:54 AM, Eric W. Biederman wrote:
>>
>> fs/9p/acl.c |8 +-
>> fs/btrfs/acl.c|8 +-
>> fs/configfs/inode.c |4 +-
>> fs/debugfs/inode.c
Jan Kara writes:
> Hello,
>
> On Sat 25-08-12 17:05:35, Eric W. Biederman wrote:
>> Two helper are added dqgetusr and dqgetgrp to allow the quota
>> infrastructure to be called with a kuid and a kgid respectively. This
>> creates type safe variants of dqge
"Serge E. Hallyn" writes:
> Quoting Aristeu Rozanski (a...@ruivo.org):
>> Tejun,
>> On Thu, Sep 13, 2012 at 01:58:27PM -0700, Tejun Heo wrote:
>> > memcg can be handled by memcg people and I can handle cgroup_freezer
>> > and others with help from the authors. The problematic one is
>> > b
cture as much as possible.
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> "Serge E. Hallyn" writes:
>>
>> > Quoting Aristeu Rozanski (a...@ruivo.org):
>> >> Tejun,
>> >> On Thu, Sep 13, 2012 a
Alan Cox writes:
>> One piece of the puzzle is that we should be able to allow unprivileged
>> device node creation and access for any device on any filesystem
>> for which it unprivileged access is safe.
>
> Which devices are "safe" is policy for all interesting and useful cases,
> as are file p
ebied...@xmission.com (Eric W. Biederman) writes:
> Alan Cox writes:
>
>>> One piece of the puzzle is that we should be able to allow unprivileged
>>> device node creation and access for any device on any filesystem
>>> for which it unprivileged access is safe.
Serge Hallyn writes:
> On 09/16/2012 07:17 AM, Eric W. Biederman wrote:
>> ebied...@xmission.com (Eric W. Biederman) writes:
>>
>>> Alan Cox writes:
>>>
>>>>> One piece of the puzzle is that we should be able to allow unprivileged
>>>
James Bottomley writes:
> On Fri, 2012-09-14 at 14:36 -0400, Aristeu Rozanski wrote:
>> also, heard about the desire of having a device namespace instead with
>> support for translation ("sda" -> "sdf"). If anyone see immediate use for
>> this please let me know.
>
> That sounds like a really bad
Serge Hallyn writes:
>>> That's what I said a few emails ago :) The device cgroup was meant as
>>> a short-term workaround for lack of user (and device) namespaces.
>>
>> I am saying something stronger. The device cgroup doesn't seem to have
>> a practical function now.
>
> "Now" is wrong. The
Alan Cox writes:
>> At least with a recent modern distro I can't imagine this to be an
>> issue. I expect we could have a kernel build option that removed the
>> mknod system call and a modern distro wouldn't notice.
>
> A few things beyond named pipes will break. PCMCIA I believe still
> depend
hongfeng writes:
> orderly_poweroff is trying to poweroff platform by two steps:
> step 1: Call userspace application to poweroff
> step 2: If userspace poweroff fail, then do a force power off if force param
> is set.
>
> The bug here is, step 1 is always successful with param UMH_NO_WAIT,
Thi
Feng Hong writes:
> Hi, Eric
>
> 1. We are developing on an Android phone platform, we use thermal
> framework to monitor the temperature, when the temperature above like
> 110 degree, thermal framework will use orderly_shutdown to shutdown
> phone, however, on Android platform there is no " /sbi
Dave thank you earlier taking some time to do review. It made me
realize that my code was not as mature as it needed to be.
That said you missed a lot of important details, and I will aim at
to address some of the highlights.
Precedent in naming. that has been merged since 3.5, earlier
there i
#x27;t the only
cross subsystem change.
The biggest clarification of the core kernel code is to bring the quota
projid concept out of hiding and into the open.
Eric W. Biederman (27):
userns: Convert security/keys to the new userns infrastructure
userns: net: Call key_alloc with GLOBA
501 - 600 of 5726 matches
Mail list logo
