: Pavel Emelyanov xe...@openvz.org
Cc: Serge Hallyn serge.hal...@canonical.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
Cc: Jiri Slaby jsl...@suse.cz
Signed-off-by: Aristeu Rozanski a...@redhat.com
--- github.orig/security/device_cgroup.c 2012-10-26 17:18:01.739366780 -0400
Quoting Richard Weinberger (rich...@nod.at):
Am 21.09.2012 02:28, schrieb Eric W. Biederman:
From: Eric W. Biederman ebied...@xmission.com
Cc: Jeff Dike jd...@addtoit.com
Cc: Richard Weinberger rich...@nod.at
Acked-by: Serge Hallyn serge.hal...@canonical.com
Signed-off-by: Eric W
Quoting Stanislav Kinsbursky (skinsbur...@parallels.com):
This is a cleanup patch. The assignment is redundant.
Signed-off-by: Stanislav Kinsbursky skinsbur...@parallels.com
---
ipc/msg.c |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
Cc: Stephen Smalley s...@tycho.nsa.gov
Cc: James Morris james.l.mor...@oracle.com
Cc: Eric Paris epa...@parisplace.org
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
Signed-off-by: Eric W.
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
Cc: Martin Schwidefsky schwidef...@de.ibm.com
Cc: Heiko Carstens heiko.carst...@de.ibm.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
Signed-off-by: Eric W. Biederman
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
These ia64 uses of current_uid and current_gid slipped through the
cracks when I was converting everything to kuids and kgids; convert
them now.
Cc: Tony Luck tony.l...@intel.com
Cc: Fenghua
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
Cc: Benjamin Herrenschmidt b...@kernel.crashing.org
Cc: Paul Mackerras pau...@samba.org
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
Signed-off-by: Eric W. Biederman ebied...@xmission.com
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
Convert getresuid, getresgid, getuid, geteuid, getgid, getegid
Convert struct cred kuids and kgids into userspace uids and gids when
returning them.
These s390 system calls slipped through
Quoting Matthew Garrett (m...@redhat.com):
Secure boot adds certain policy requirements, including that root must not
be able to do anything that could cause the kernel to execute arbitrary code.
The simplest way to handle this would seem to be to add a new capability
and gate various
Quoting Matthew Garrett (m...@redhat.com):
From: Josh Boyer jwbo...@redhat.com
This forcibly drops CAP_COMPROMISE_KERNEL from both cap_permitted and cap_bset
in the init_cred struct, which everything else inherits from. This works on
any machine and can be used to develop even if the box
Quoting Matthew Garrett (m...@redhat.com):
The firmware has a set of flags that indicate whether secure boot is enabled
and enforcing. Use them to indicate whether the kernel should lock itself
down.
Signed-off-by: Matthew Garrett m...@redhat.com
(purely for the non-firmware bits) seems
step, remove it from being
listed, and default it to on. Once it has been removed from all
subsystem Kconfigs, it will be dropped entirely.
CC: Greg KH gre...@linuxfoundation.org
CC: Eric W. Biederman ebied...@xmission.com
CC: Serge Hallyn serge.hal...@canonical.com
CC: Paul E
, remove it from being
listed, and default it to on. Once it has been removed from all
subsystem Kconfigs, it will be dropped entirely.
CC: Greg KH gre...@linuxfoundation.org
CC: Eric W. Biederman ebied...@xmission.com
CC: Serge Hallyn serge.hal...@canonical.com
Drat, thanks Andrew, I thought I had a testcase for that in LTP, but
apparently not.
capsh --caps=all=eip -- -c /bin/bash
indeed fails with this patch (and succeeds without).
So
Nacked-by: Serge Hallyn serge.hal...@canonical.com
since this is a much more common idiom, enough so that I'm
Quoting Kees Cook (keesc...@chromium.org):
It is currently impossible to examine the state of seccomp for
a given process. While attaching with gdb and attempting to call
prctl(PR_GET_SECCOMP,...) will work in some situations, it is not
reliable. If the process is in seccomp mode 1, this query
Quoting Tejun Heo (t...@kernel.org):
clone_children makes cgroup invoke -post_clone() callback if it
exists and sets CGRP_CLONE_CHILDREN. -post_clone(), while being
named generically, is only supposed to copy configuration from its
parent.
This is an entirely convenience feature which is
...@huawei.com
Cc: James Morris jmor...@namei.org
Cc: Pavel Emelyanov xe...@openvz.org
Cc: Serge Hallyn serge.hal...@canonical.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
Signed-off-by: Jiri Slaby jsl...@suse.cz
---
And this should fix it.
security/device_cgroup.c | 15
: Tejun Heo t...@kernel.org
Cc: Li Zefan lize...@huawei.com
Cc: James Morris jmor...@namei.org
Cc: Pavel Emelyanov xe...@openvz.org
Cc: Serge Hallyn serge.hal...@canonical.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
Cc: Jiri Slaby jsl...@suse.cz
Signed-off-by: Aristeu Rozanski
-foundation.org
Cc: Tejun Heo t...@kernel.org
Cc: Li Zefan lize...@huawei.com
Cc: James Morris jmor...@namei.org
Cc: Pavel Emelyanov xe...@openvz.org
Cc: Serge Hallyn serge.hal...@canonical.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
Cc: Jiri Slaby jsl...@suse.cz
Signed-off-by: Aristeu
: Serge Hallyn serge.hal...@canonical.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
Thanks, Aristeu.
Cc: Jiri Slaby jsl...@suse.cz
Signed-off-by: Aristeu Rozanski a...@redhat.com
---
security/device_cgroup.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion
Quoting Stanislav Kinsbursky (skinsbur...@parallels.com):
This is a cleanup patch. The assignment is redundant.
Signed-off-by: Stanislav Kinsbursky skinsbur...@parallels.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
---
ipc/msg.c |5 +
1 files changed, 1 insertions(+), 4
Quoting Stanislav Kinsbursky (skinsbur...@parallels.com):
This patch introduces infrastructure for changing an existing segment's key.
The new function ipc_update_key() can be used to change the segment key, cuid and cgid
values. It checks that the new key is not in use (except IPC_PRIVATE) prior to
setting it on
Quoting Stanislav Kinsbursky (skinsbur...@parallels.com):
The new SHM_SET command will be interpreted exactly as IPC_SET, but will also
update the key, cuid and cgid values. IOW, it allows changing an existing key value.
That the key is not in use is checked before the update. Otherwise -EEXIST is
Quoting Stanislav Kinsbursky (skinsbur...@parallels.com):
The new MSG_SET command will be interpreted exactly as IPC_SET, but will also
update the key, cuid and cgid values. IOW, it allows changing an existing key value.
That the key is not in use is checked before the update. Otherwise -EEXIST is
Quoting Stanislav Kinsbursky (skinsbur...@parallels.com):
The reason for this patch is that SET_SET is desired to be part of the new part
of the API of the IPC sys_semctl() system call.
The name itself is quite natural for IPC, because all Linux-specific command
names for IPC system calls are
Quoting Stanislav Kinsbursky (skinsbur...@parallels.com):
The new SEM_SET command will be interpreted exactly as IPC_SET, but will also
update the key, cuid and cgid values. IOW, it allows changing an existing key value.
That the key is not in use is checked before the update. Otherwise -EEXIST is
Quoting Stanislav Kinsbursky (skinsbur...@parallels.com):
This patch is required for checkpoint/restore in userspace.
IOW, c/r requires some way to get all pending IPC messages without deleting
them from the queue (checkpoint can fail, and in this case tasks will be
resumed, so the queue has to
Quoting Kees Cook (keesc...@chromium.org):
This config item has not carried much meaning for a while now and is
almost always enabled by default. As agreed during the Linux kernel
summit, remove it.
CC: Eric W. Biederman ebied...@xmission.com
CC: Serge Hallyn serge.hal...@canonical.com
CC
Quoting Kees Cook (keesc...@chromium.org):
On Wed, Oct 24, 2012 at 6:48 AM, Serge Hallyn
serge.hal...@canonical.com wrote:
Quoting Kees Cook (keesc...@chromium.org):
This config item has not carried much meaning for a while now and is
almost always enabled by default. As agreed during
: Andrew G. Morgan mor...@kernel.org
Cc: Serge Hallyn serge.hal...@canonical.com
Basic capsh tests seem to have no problem with it.
Thanks, Andrew.
Reviewed-by: Serge E. Hallyn serge.hal...@canonical.com
Cc: Pavel Emelyanov xe...@parallels.com
Cc: Andrew Morton a...@linux-foundation.org
Cc
Quoting Artem Bityutskiy (dedeki...@gmail.com):
From: Artem Bityutskiy artem.bityuts...@linux.intel.com
We display a list of supplementary groups for each process in
/proc/pid/status. However, we show only the first 32 groups, not all of
them.
Although this is rare, sometimes
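The two status-file questions above (Kees's point that prctl(PR_GET_SECCOMP) is not a safe way to ask a process about its seccomp state, and Artem's point that the Groups: line is cut at 32 entries) are both answered by reading /proc/<pid>/status. The following is an added example, not code from either patch: it parses the Seccomp:, Groups: and Cap*: fields out of a status dump. The embedded status text is a constructed sample, and the function names and the "exactly 32 entries" heuristic are this example's own assumptions.

```c
/* Added example, not from the original messages: a parser for the
 * /proc/<pid>/status fields discussed above (Seccomp:, Groups:, Cap*:).
 * The status text embedded below is a constructed sample. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a pointer to the value of "key:" at the start of a line, or NULL. */
static const char *status_field(const char *status, const char *key)
{
    size_t klen = strlen(key);
    const char *p = status;

    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            p += klen + 1;
            while (*p == ' ' || *p == '\t')
                p++;
            return p;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return NULL;
}

/* Seccomp mode: 0 disabled, 1 strict, 2 filter. Returns -1 when the line is
 * absent (kernels before the Seccomp: field existed). Reading the file is
 * safe in every mode; in strict mode prctl(PR_GET_SECCOMP) is not on the
 * allowed syscall list and the query kills the caller instead. */
int seccomp_mode(const char *status)
{
    const char *v = status_field(status, "Seccomp");
    return v ? atoi(v) : -1;
}

/* Number of entries on the Groups: line, or -1 if the line is absent. */
int group_count(const char *status)
{
    const char *v = status_field(status, "Groups");
    int n = 0;

    if (!v)
        return -1;
    while (*v && *v != '\n') {
        if (isdigit((unsigned char)*v)) {
            n++;
            while (isdigit((unsigned char)*v))
                v++;
        } else {
            v++;
        }
    }
    return n;
}

/* Heuristic (this example's assumption): exactly 32 entries may be the
 * display limit rather than the real membership on kernels that cap the
 * list, which is the issue raised above. */
int group_list_may_be_truncated(const char *status)
{
    return group_count(status) == 32;
}

/* Parse a capability mask line such as "CapEff: 0000001fffffffff". */
unsigned long long cap_mask(const char *status, const char *key)
{
    const char *v = status_field(status, key);
    return v ? strtoull(v, NULL, 16) : 0;
}

/* Constructed sample, not captured from a real process. */
const char sample_status[] =
    "Name:\tsleep\n"
    "State:\tS (sleeping)\n"
    "Pid:\t4242\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "Gid:\t1000\t1000\t1000\t1000\n"
    "Groups:\t4 24 27 30 46 1000 \n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\n"
    "CapBnd:\t0000001fffffffff\n"
    "Seccomp:\t2\n";

int main(void)
{
    char buf[8192];
    const char *s;
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;

    if (f)
        fclose(f);
    buf[n] = '\0';
    /* Fall back to the embedded sample where /proc is unavailable. */
    s = n ? buf : sample_status;
    printf("seccomp mode: %d\n", seccomp_mode(s));
    printf("groups: %d (maybe truncated: %d)\n", group_count(s),
           group_list_may_be_truncated(s));
    printf("CapEff: %llx\n", cap_mask(s, "CapEff"));
    return 0;
}
```

Run it on a live system and it reads its own status file; on a kernel older than the patch under discussion seccomp_mode() returns -1 rather than guessing, which is the point of having the field at all.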
Quoting Kees Cook (keesc...@chromium.org):
Stop using spinlocks in the read path. Add RCU list to handle the readers.
Looks good to me. BTW, kfree_rcu is neat :)
Reviewed-by: Serge E. Hallyn serge.hal...@ubuntu.com
Signed-off-by: Kees Cook keesc...@chromium.org
---
Quoting Tejun Heo (t...@kernel.org):
Hello, Serge.
On Sun, Apr 14, 2013 at 08:13:36PM -0500, Serge Hallyn wrote:
If I do
cd /sys/fs/cgroup/memory
mkdir b
cd b
echo 1 > memory.use_hierarchy
echo 5000 > memory.limit_in_bytes
cat memory.limit_in_bytes
8192
Quoting Aristeu Rozanski (a...@redhat.com):
On Tue, Apr 16, 2013 at 11:24:55PM +0300, Rami Rosen wrote:
In devcgroup_css_alloc(), there is no longer need for parent_cgroup.
bd2953ebbb(devcg: propagate local changes down the hierarchy) made
the variable parent_cgroup redundant. This patch
Quoting Tejun Heo (t...@kernel.org):
A bit of addition.
On Tue, Apr 09, 2013 at 12:38:51PM -0700, Tejun Heo wrote:
We need to make the distribute approach work in order to support
containers, which requiring them to have a back-channel open to
the host userspace. If we can do that,
Quoting Tejun Heo (t...@kernel.org):
There's no reason to be using bitops, which tend to be more
cumbersome, to handle root flags. Convert them to masks. Also, as
they'll be moved to include/linux/cgroup.h and it's generally a good
idea, add CGRP_ prefix.
Note that flags are assigned
Quoting Tejun Heo (t...@kernel.org):
While controllers shouldn't be accessing cgroupfs_root directly, it
being hidden inside kern/cgroup.c makes some things pretty silly. This
makes routing hierarchy-wide settings which need to be visible to
controllers cumbersome.
We're gonna add another
Quoting Tejun Heo (t...@kernel.org):
It's a sad fact that at this point various cgroup controllers are
carrying so many idiosyncrasies and pure insanities that it simply
isn't possible to reach any sort of sane consistent behavior while
staying fully compatible with what already
Quoting Tejun Heo (t...@kernel.org):
Turn on use_hierarchy by default if sane_behavior is specified and
don't create .use_hierarchy file.
It is debatable whether to remove .use_hierarchy file or make it ro as
the former could make transition easier in certain cases; however, the
behavior
Quoting Tejun Heo (t...@kernel.org):
Turn on use_hierarchy by default if sane_behavior is specified and
don't create .use_hierarchy file.
It is debatable whether to remove .use_hierarchy file or make it ro as
the former could make transition easier in certain cases; however, the
behavior
Hi,
you mention that after creating a new user namespace you at first have
all capabilities in the new ns. You don't explicitly mention (or I
missed it - I did see the mention of securebits) that if you want to
keep those capabilities after doing an exec, you need to first have
something mapped
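As an added illustration of the point above (example code written here, not taken from the capabilities document under discussion): right after unshare(CLONE_NEWUSER) the process holds every capability in the new namespace, but unless its uid is mapped before execve the exec'd image ends up with an empty CapEff, whereas mapping the original uid to 0 first leaves the exec'd image with a full set. The helper names, the --no-map flag and the embedded map strings are this example's own assumptions; the setgroups step reflects kernels from 3.19 on.

```c
/* Added example, not from the thread: unshare a user namespace, optionally
 * write uid_map/gid_map, then exec and show what survived. Helper names and
 * the --no-map flag are this example's assumptions. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Format one id_map line: "<inside> <outside> <count>\n". Returns the
 * number of bytes written, or -1 if buf is too small. */
int format_id_map(char *buf, size_t len, unsigned inside, unsigned outside,
                  unsigned count)
{
    int n = snprintf(buf, len, "%u %u %u\n", inside, outside, count);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Resolve an in-namespace id through uid_map/gid_map text. Returns 0 and
 * sets *outside on success, -1 if the id is unmapped. An empty map, which
 * is what a fresh user namespace has, maps nothing at all. */
int id_map_lookup(const char *map, unsigned inside_id, unsigned *outside)
{
    unsigned in, out, cnt;
    const char *p = map;

    while (p && *p) {
        if (sscanf(p, "%u %u %u", &in, &out, &cnt) == 3 &&
            inside_id >= in && inside_id - in < cnt) {
            *outside = out + (inside_id - in);
            return 0;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

static int write_file(const char *path, const char *data, size_t len)
{
    int fd = open(path, O_WRONLY);
    ssize_t w;

    if (fd < 0)
        return -1;
    w = write(fd, data, len);
    close(fd);
    return w == (ssize_t)len ? 0 : -1;
}

/* Map the caller's original uid/gid to 0 in the new namespace. Must run in
 * the unshared process itself and before any execve. The setgroups "deny"
 * write is required on 3.19+ before an unprivileged gid_map write; ENOENT
 * just means an older kernel without that file. */
int map_self_as_root(uid_t outer_uid, gid_t outer_gid)
{
    char map[64];
    int n;

    if (write_file("/proc/self/setgroups", "deny", 4) < 0 && errno != ENOENT)
        return -1;
    n = format_id_map(map, sizeof map, 0, (unsigned)outer_uid, 1);
    if (n < 0 || write_file("/proc/self/uid_map", map, (size_t)n) < 0)
        return -1;
    n = format_id_map(map, sizeof map, 0, (unsigned)outer_gid, 1);
    if (n < 0 || write_file("/proc/self/gid_map", map, (size_t)n) < 0)
        return -1;
    return 0;
}

/* ./userns-caps          : map first, then exec -> Uid 0, CapEff full
 * ./userns-caps --no-map : exec with nothing mapped -> Uid 65534, CapEff 0 */
int main(int argc, char **argv)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    int no_map = argc > 1 && strcmp(argv[1], "--no-map") == 0;

    if (unshare(CLONE_NEWUSER) < 0) {
        perror("unshare(CLONE_NEWUSER)");
        return 1;
    }
    /* Here the process already holds every capability in the new namespace,
     * even though its uid is still unmapped. */
    if (!no_map && map_self_as_root(uid, gid) < 0) {
        perror("writing id maps");
        return 1;
    }
    execlp("sh", "sh", "-c",
           "grep -E '^(Uid|CapPrm|CapEff):' /proc/self/status", (char *)NULL);
    perror("execlp");
    return 1;
}
```

The exec in the --no-map case loses the capabilities because the unmapped uid is not 0 in the new namespace, so the root rule in the exec credential calculation does not apply and, with no file capabilities on sh, nothing is granted; the map write before exec is what makes uid 0 exist.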
`; do
nsexec -n -- /bin/sleep 1000
if [ $((i % 100)) -eq 0 ]; then
echo $i | tee -a /tmp/timings3
date | tee -a /tmp/timings3
fi
done
(all scripts run under sudo, and nsexec can be found at
https://code.launchpad.net/~serge-hallyn/+junk/nsexec))
So that isn't
KOBJ_ADD to new netns. There will then be a
_MOVE event from the device_rename() call, but that should
be innocuous.
Signed-off-by: Serge Hallyn serge.hal...@canonical.com
Acked-by: Eric W. Biederman ebied...@xmission.com
Acked-by: Daniel Lezcano daniel.lezc...@free.fr
---
net/core/dev.c |6
Quoting Aristeu Rozanski (a...@redhat.com):
On Mon, Feb 11, 2013 at 06:52:39PM +, Serge E. Hallyn wrote:
getting rid of local settings would buy more simplicity
(Not sure which you mean here by 'getting rid of local settings')
no local.{behavior,exceptions}, which still would allow
Quoting Aristeu Rozanski (a...@redhat.com):
hm, no. I think you misunderstood local.behavior = DEVCG_DEFAULT_NONE.
This means there's no local preference for behavior. local.* are just
the local preferences that need to be revalidated every time something is
propagated. Or did you mean
Quoting Chen Gang (gang.c...@asianux.com):
On 2013-02-06 16:56, Cyrill Gorcunov wrote:
On Wed, Feb 06, 2013 at 04:44:35PM +0800, Chen Gang wrote:
diff --git a/kernel/sys.c b/kernel/sys.c
index 24d1ef5..568b9ca 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2027,7 +2027,7 @@
Quoting Raphael S.Carvalho (raphael.sc...@gmail.com):
It seems GCC generates better code that way, so I changed that statement.
Btw, they have the same semantics, so I'm sending this patch for
performance reasons.
Signed-off-by: Raphael S.Carvalho raphael.sc...@gmail.com
Acked-by:
Quoting Glauber Costa (glom...@parallels.com):
Reboot support for pid namespaces is already implemented and it works
well. However, in most containers the tasks will join all namespaces,
including the now supported user namespace. In that situation, we will
fail the capable test and won't be
Quoting Aristeu Rozanski (a...@redhat.com):
This patchset implements device cgroup hierarchy. Exceptions will be
propagated down in the tree and local preferences will be re-evaluated
every time a change in its parent occurs, reapplying them if it's still
possible.
Thanks Aristeu! I may not
Congratulations, Pavel and criu team, that's awesome!
Quoting Pavel Emelyanov (xe...@parallels.com):
Hi!
I'm happy to announce that the next big step is done by the CRIU project.
The major achievement so far -- the tool can now dump and restore a simple LXC
container. Another notable
Quoting Feng Hong (hongf...@marvell.com):
Hi, Serge,
I am just a graduate and it's my first time sending a patch to open source, so
thank you very much for reminding me about the changelog affairs; it seems this
patch has been added to the -mm tree as in the attached mail, and I have no chance to
change
On 09/16/2012 07:17 AM, Eric W. Biederman wrote:
ebied...@xmission.com (Eric W. Biederman) writes:
Alan Cox a...@lxorguk.ukuu.org.uk writes:
One piece of the puzzle is that we should be able to allow unprivileged
device node creation and access for any device on any filesystem
for which it
On 09/16/2012 09:23 AM, Eric W. Biederman wrote:
Serge Hallyn se...@hallyn.com writes:
On 09/16/2012 07:17 AM, Eric W. Biederman wrote:
ebied...@xmission.com (Eric W. Biederman) writes:
Alan Cox a...@lxorguk.ukuu.org.uk writes:
One piece of the puzzle is that we should be able to allow
Quoting Kees Cook (keesc...@chromium.org):
Instead of (or in addition to) kernel module signing, being able to reason
about the origin of a kernel module would be valuable in situations
where an OS already trusts a specific file system, file, etc, due to
things like security labels or an
Quoting Kees Cook (keesc...@chromium.org):
Now that kernel module origins can be reasoned about, provide a hook to
the LSMs to make policy decisions about the module file.
Signed-off-by: Kees Cook keesc...@chromium.org
Acked-by: Serge E. Hallyn serge.hal...@canonical.com
---
Quoting Kees Cook (keesc...@chromium.org):
Unconditionally call Yama when CONFIG_SECURITY_YAMA_STACKED is selected,
no matter what LSM module is primary.
Ubuntu and Chrome OS already carry patches to do this, and Fedora
has voiced interest in doing this as well. Instead of having multiple
Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com):
There are several functions, that need to calculate digest.
This patch adds common function for use by integrity subsystem.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
security/integrity/digsig.c| 31
Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com):
IMA measures/appraises modules when modprobe or insmod opens and read them.
Unfortunately, there are no guarantees between what is read by userspace and
what is passed to the kernel via load_module system call. This patch adds a
hook called
Quoting Kasatkin, Dmitry (dmitry.kasat...@intel.com):
On Thu, Aug 16, 2012 at 12:11 AM, Kasatkin, Dmitry
dmitry.kasat...@intel.com wrote:
On Wed, Aug 15, 2012 at 11:11 PM, Serge Hallyn
serge.hal...@canonical.com wrote:
Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com
Quoting Alex Kelly (alex.page.ke...@gmail.com):
Adds an expert Kconfig option, CONFIG_COREDUMP, which allows disabling of
core dump.
This saves approximately 2.6k in the compiled kernel, and complements
CONFIG_ELF_CORE,
which now depends on it.
Is there another reason than the 2.6k to do
Quoting Josh Triplett (j...@joshtriplett.org):
On Fri, Aug 10, 2012 at 08:23:23AM -0500, Serge Hallyn wrote:
Quoting Alex Kelly (alex.page.ke...@gmail.com):
Adds an expert Kconfig option, CONFIG_COREDUMP, which allows disabling of
core dump.
This saves approximately 2.6k
Eric,
during the container reboot discussion, the agreement was reached that
rebooting for real from a non-init pid ns is not safe. Restarting userspace (in
a pidns the caller owns) is. I argue the same reasoning supports this.
I haven't had a chance to review the patch, but the idea gets my ack.
Quoting Andrew Morton (a...@linux-foundation.org):
On Fri, 6 Jul 2012 13:09:07 +0400
Glauber Costa glom...@parallels.com wrote:
When we change the namespace tag of a sysfs entry, the associated dentry
is still kept around. readdir() will work correctly and not display the
old entries,
Quoting Kirill A. Shutemov (kirill.shute...@linux.intel.com):
On Wed, Jul 11, 2012 at 03:24:22PM -0700, Andrew Morton wrote:
Am I reading that right? 1000 forks take 33 seconds, with basically
all of it just sitting there asleep? This looks quite terrible - what
causes this?
It seems
Quoting Pavel Emelyanov (xe...@parallels.com):
Fixing the bogus containers@ ml and adding cgroups@ one. Sorry :(
== Original message ==
Hi!
I'm glad to announce the first release of the checkpoint-restore tool.
This project is an attempt to implement the checkpoint-restore
Quoting Andy Lutomirski (l...@amacapital.net):
On Tue, Dec 4, 2012 at 5:54 AM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
d) If I really wanted, I could emulate execve without actually doing
execve, and capabilities would be inherited.
If
Quoting Andy Lutomirski (l...@amacapital.net):
On Wed, Dec 5, 2012 at 1:05 PM, Serge Hallyn serge.hal...@canonical.com
wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
On Tue, Dec 4, 2012 at 5:54 AM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Andy Lutomirski (l
Quoting Andy Lutomirski (l...@amacapital.net):
Signed-off-by: Andy Lutomirski l...@amacapital.net
---
Documentation/security/capabilities.txt | 161
1 file changed, 161 insertions(+)
create mode 100644 Documentation/security/capabilities.txt
TBH, I think
Quoting Rob Landley (r...@landley.net):
The fact that you need multiple sets of capabilities per process
(permitted, inheritable, effective), plus MORE sets (plural) of
capabilities attached to executable files, plus the capability
bounding set which is presumably so selinux can mess with it,
Quoting Andrew G. Morgan (mor...@kernel.org):
I'm still missing something with the problem definition.
So far if I follow the discussion we have determined that inheritance as
implemented is OK except for the fact that giving a user an inheritable pI
bit which gives them default permission to
Quoting Andrew G. Morgan (mor...@kernel.org):
It breaks down because, currently, users with nonzero pI have no
direct ability to wield the capabilities. That means that every
single binary with fI bits set needs to be as careful as a setuid-root
binary to avoid leaking privilege to the
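To make the pI/fI point concrete, here is an added example (not from the thread) that applies the non-root execve rule from capabilities(7), as it stood in the kernels of this discussion (before ambient capabilities), to a few file configurations: pI alone grants nothing, a matching fI bit lets the user wield it, and an fP bit grants it to anyone subject to the bounding set. The struct layouts, the CAP_ALL mask and the scenario names are this example's assumptions.

```c
/* Added example, not from the thread: the pre-ambient execve capability
 * rule from capabilities(7), applied to the pI/fI scenarios discussed above.
 * Struct layouts, CAP_ALL and the scenario names are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CAP_BIT(c)           (UINT64_C(1) << (c))
#define CAP_DAC_READ_SEARCH  2
#define CAP_NET_BIND_SERVICE 10
#define CAP_SYS_ADMIN        21
/* Caps 0..36, i.e. 0x1fffffffff, the CapBnd of a full-bounding-set 3.x task. */
#define CAP_ALL              (CAP_BIT(37) - 1)

struct caps  { uint64_t permitted, inheritable, effective; };
struct fcaps { uint64_t permitted, inheritable; bool effective; };

/* Non-root execve:
 *   P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & bset)
 *   P'(effective)   = F(effective) ? P'(permitted) : 0
 *   P'(inheritable) = P(inheritable) */
struct caps cap_exec(struct caps p, struct fcaps f, uint64_t bset)
{
    struct caps n;

    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & bset);
    n.effective   = f.effective ? n.permitted : 0;
    n.inheritable = p.inheritable;
    return n;
}

/* euid 0 after exec with no file caps: F(inheritable) and F(permitted) are
 * notionally all-ones and F(effective) is set, so P' = pI | bset. */
struct caps cap_exec_root(struct caps p, uint64_t bset)
{
    struct fcaps f = { CAP_ALL, CAP_ALL, true };
    return cap_exec(p, f, bset);
}

/* Does the post-exec effective set contain cap? */
bool has_cap(struct caps c, int cap)
{
    return (c.effective & CAP_BIT(cap)) != 0;
}

int main(void)
{
    /* A user whose only privilege is pI = CAP_DAC_READ_SEARCH. */
    struct caps  user    = { 0, CAP_BIT(CAP_DAC_READ_SEARCH), 0 };
    struct fcaps plain   = { 0, 0, false };                          /* no fcaps */
    struct fcaps backup  = { 0, CAP_BIT(CAP_DAC_READ_SEARCH), true }; /* fI + fE */
    struct fcaps other   = { 0, CAP_BIT(CAP_SYS_ADMIN), true };       /* fI mismatch */
    struct fcaps bindsvc = { CAP_BIT(CAP_NET_BIND_SERVICE), 0, true }; /* fP + fE */
    uint64_t no_bind = CAP_ALL & ~CAP_BIT(CAP_NET_BIND_SERVICE);

    printf("plain binary:      effective %llx\n",
           (unsigned long long)cap_exec(user, plain, CAP_ALL).effective);
    printf("fI matches pI:     effective %llx\n",
           (unsigned long long)cap_exec(user, backup, CAP_ALL).effective);
    printf("fI does not match: effective %llx\n",
           (unsigned long long)cap_exec(user, other, CAP_ALL).effective);
    printf("fP for anyone:     effective %llx\n",
           (unsigned long long)cap_exec(user, bindsvc, CAP_ALL).effective);
    printf("fP outside bset:   effective %llx\n",
           (unsigned long long)cap_exec(user, bindsvc, no_bind).effective);
    return 0;
}
```

The first scenario is the one Andrew describes: a nonzero pI gives the user nothing until some binary carries the matching fI bit, which is why every such binary has to be written as carefully as a setuid-root one.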
Quoting Andy Lutomirski (l...@amacapital.net):
It's especially bad because granting CAP_DAC_READ_SEARCH to user foo
doesn't mean anything. Is he authorized to back things up to
encrypted storage?
We're talking about privileges at the kernel level here, and there is
no way this could be
Quoting Casey Schaufler (ca...@schaufler-ca.com):
On 12/10/2012 6:59 AM, Serge Hallyn wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
It's especially bad because granting CAP_DAC_READ_SEARCH to user foo
doesn't mean anything. Is he authorized to back things up to
encrypted storage
Quoting Kees Cook (keesc...@chromium.org):
Instead of locking the list during a delete, mark entries as invalid
and trigger a workqueue to clean them up. This lets us easily handle
task_free from interrupt context.
Cc: Sasha Levin sasha.le...@oracle.com
Signed-off-by: Kees Cook
Quoting Li Zefan (lize...@huawei.com):
In a container with its own pid namespace and user namespace, rebooting
the system won't reboot the host, but terminate all the processes in
it and thus have the container shutdown, so it's safe.
Signed-off-by: Li Zefan lize...@huawei.com
Thanks, Li.
Quoting Andy Lutomirski (l...@amacapital.net):
On Sat, Dec 8, 2012 at 3:57 PM, Andy Lutomirski l...@amacapital.net wrote:
I just tried to search to find actual uses of pI/fI. Here's what I found:
I downloaded all the Fedora spec files and searched for file
capabilities. Assuming I
Quoting Neil Horman (nhor...@tuxdriver.com):
There's one problem I currently see with it, and that is that I'm not sure we can
change the current behavior of how the root fs is set for the pipe reader, lest
we break some user space expectations. As such, I've added a sysctl in this
patch to
Quoting Tejun Heo (t...@kernel.org):
From 6e405c1ae4018d813e8ed9e0bd463d6976aebfa8 Mon Sep 17 00:00:00 2001
From: Tejun Heo t...@kernel.org
Date: Tue, 13 Nov 2012 12:21:50 -0800
clone_children is only meaningful for cpuset and will stay that way.
Rename the flag to reflect that and update
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
- Allow chown if CAP_CHOWN is present in the current user namespace
and the uid of the inode maps into the current user namespace, and
the destination uid or gid maps into the current user
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
Instead of using current_userns() use the userns of the opener
of the file so that if the file is passed between processes
the contents of the file do not change.
Signed-off-by: Eric W.
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
To keep things sane in the context of file descriptor passing derive the
user namespace that uids are mapped into from the opener of the file
instead of from current.
When writing to the maps
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
Generalize the proc inode allocation so that it can be
used without having to create a proc_dir_entry.
This will allow namespace file descriptors to remain light
weight entities
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge Hallyn serge.hal...@canonical.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied...@xmission.com
To keep things sane in the context of file descriptor passing derive the
user namespace
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge Hallyn serge.hal...@canonical.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge Hallyn serge.hal...@canonical.com writes:
Quoting Eric W. Biederman (ebied...@xmission.com):
From: Eric W. Biederman ebied
Quoting Eric W. Biederman (ebied...@xmission.com):
Since this still has not been addressed, I am going to repeat Andrew's
objection again.
Isn't there a better way to get iptables information out than to use
syslog. I did not have time to follow up on that but it did appear that
Bruno
Quoting Chen Gang (gang.c...@asianux.com):
When unshare_userns() succeeds, it is recommended to always set the return
parameter, which may be used by the caller.
The caller has the right to call it with 'new_cred' uninitialized; if it
succeeds, the caller can assume that 'new_cred' has been initialized.
But the
Thanks Stéphane. There were no objections last time this was posted,
right? Hopefully it can be applied this time.
-serge
Quoting Stéphane Graber (stgra...@ubuntu.com):
This adds a new %P variable to be used in core_pattern. This variable contains
the global PID (PID in the init namespace)
All the files will be owned by host root, so there's no security
concern in allowing this.
(These are mounted by default by mountall, and if permission is
denied then by default container boot will hang)
Signed-off-by: Serge Hallyn serge.hal...@canonical.com
---
fs/debugfs/inode.c | 1 +
fs
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
I'm not relying on LSM to make these safe. I'm relying on the
uid mappings to make these safe.
Nevertheless I at least have hope of working around the others (in a
distro-acceptable way), so
Hi Oleg,
commit 40a0d32d1eaffe6aac7324ca92604b6b3977eb0e :
fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks
breaks lxc-attach in 3.12. That code forks a child which does
setns() and then does a clone(CLONE_PARENT). That way the
grandchild can be in the right namespaces (which the
Quoting Oleg Nesterov (o...@redhat.com):
Hi Serge,
On 11/06, Serge Hallyn wrote:
Hi Oleg,
commit 40a0d32d1eaffe6aac7324ca92604b6b3977eb0e :
fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks
breaks lxc-attach in 3.12. That code forks a child which does
setns
Quoting Eric W. Biederman (ebied...@xmission.com):
Oleg Nesterov o...@redhat.com writes:
Hi Serge,
On 11/06, Serge Hallyn wrote:
Hi Oleg,
commit 40a0d32d1eaffe6aac7324ca92604b6b3977eb0e :
fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks
breaks lxc-attach in 3.12
Quoting Andy Lutomirski (l...@amacapital.net):
On Wed, Nov 6, 2013 at 2:50 PM, Eric W. Biederman ebied...@xmission.com
wrote:
Oleg Nesterov o...@redhat.com writes:
Hi Serge,
On 11/06, Serge Hallyn wrote:
Hi Oleg,
commit 40a0d32d1eaffe6aac7324ca92604b6b3977eb0e :
fork: unify
Quoting Libo Chen (clbchenlibo.c...@huawei.com):
Hello LXC experts,
I met a problem. When using vlan as the network device in a suse11 system
container, I cannot use halt to stop this container. It hangs on eth0 is still used
from interfaces eth0, in a cycle.
The config file:
Quoting Libo Chen (clbchenlibo.c...@huawei.com):
On 2013/11/29 13:05, Serge Hallyn wrote:
Quoting Libo Chen (clbchenlibo.c...@huawei.com):
Hello LXC experts,
I met a problem. When using vlan as the network device in a suse11 system
container,
I cannot use halt to stop this container
Quoting Joe Perches (j...@perches.com):
Prefix logging output with capability: via pr_fmt.
Convert printks to pr_<level>.
Use pr_<level>_once instead of guard flags.
Coalesce formats.
Signed-off-by: Joe Perches j...@perches.com
Thanks.
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
---
Quoting Joe Perches (j...@perches.com):
Convert printks to pr_<level>.
Add pr_fmt to prefix output with security: or capability:
Coalesce formats.
Use a generic string for pr_debug to reduce object size.
Signed-off-by: Joe Perches j...@perches.com
---
Acked-by: Serge E. Hallyn
Quoting Jeff Layton (jlay...@redhat.com):
Currently, cap_dentry_init_security returns 0 without actually
initializing the security label. This confuses its only caller
(nfs4_label_init_security) which expects an error in that situation, and
causes it to end up sending out junk onto the wire
://sourceware.org/glibc/wiki/Synchronizing_Headers
for more information.)
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
---
include/uapi/linux/libc-compat.h | 5 +
include/uapi/linux/xattr.h | 7 +++
2 files changed, 12 insertions(+)
diff --git a/include/uapi/linux/libc
://sourceware.org/glibc/wiki/Synchronizing_Headers
for more information.)
v2: As Allan McRae points out, __UAPI_DFE_XATTR should only be
set to zero when _SYS_XATTR_H is defined.
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Cc: linux-fsde...@vger.kernel.org
Cc: Andrew Morton a...@linux