subject:"\[PATCH 05\/11\] fs\: Allow superblock owner to access do_remount_sb\(\)"

Re: [PATCH 05/11] fs: Allow superblock owner to access do_remount_sb()

2017-12-22 Thread Serge E. Hallyn

On Fri, Dec 22, 2017 at 03:32:29PM +0100, Dongsu Park wrote: > From: Seth Forshee > > Superblock level remounts are currently restricted to global > CAP_SYS_ADMIN, as is the path for changing the root mount to > read only on umount. Loosen both of these permission

Re: [PATCH 05/11] fs: Allow superblock owner to access do_remount_sb()

2017-12-22 Thread Serge E. Hallyn

On Fri, Dec 22, 2017 at 03:32:29PM +0100, Dongsu Park wrote: > From: Seth Forshee > > Superblock level remounts are currently restricted to global > CAP_SYS_ADMIN, as is the path for changing the root mount to > read only on umount. Loosen both of these permission checks to > also allow

[PATCH 05/11] fs: Allow superblock owner to access do_remount_sb()

2017-12-22 Thread Dongsu Park

From: Seth Forshee Superblock level remounts are currently restricted to global CAP_SYS_ADMIN, as is the path for changing the root mount to read only on umount. Loosen both of these permission checks to also allow CAP_SYS_ADMIN in any namespace which is privileged

[PATCH 05/11] fs: Allow superblock owner to access do_remount_sb()

2017-12-22 Thread Dongsu Park

From: Seth Forshee Superblock level remounts are currently restricted to global CAP_SYS_ADMIN, as is the path for changing the root mount to read only on umount. Loosen both of these permission checks to also allow CAP_SYS_ADMIN in any namespace which is privileged towards the userns which