"Eric W. Biederman" <[email protected]> writes:
> Limit per userns sysctls to only be opened for write by a holder
> of CAP_SYS_RESOURCE.
>
> Add all of the necessary boilerplate for having per user namespace
> sysctls.
> @@ -141,6 +215,7 @@ void free_user_ns(struct user_namespace *ns)
>
> do {
> parent = ns->parent;
> + retire_userns_sysctls(ns);
^^^^^^^^^^ Unfortunately it is not safe to call a sleeping function here
so this part needs to be taken back to the drawing board.
Which means this change has to wait for next cycle.
> #ifdef CONFIG_PERSISTENT_KEYRINGS
> key_put(ns->persistent_keyring_register);
> #endif
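Review bot: the `retire_userns_sysctls(ns);` call added inside the `do` loop of free_user_ns() has no comment on the calling context it requires, and the reply above says this path cannot call a sleeping function. Consider moving the sysctl teardown out of this loop into a context that is allowed to sleep, for example by deferring it to a work item, and documenting on free_user_ns() whether it may sleep. Because the call sits before `key_put(ns->persistent_keyring_register);`, it would also help to state whether the order of these teardown steps matters.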
Eric