Quoting Seth Forshee (seth.fors...@canonical.com): > On Fri, Dec 04, 2015 at 11:27:38AM -0600, Serge E. Hallyn wrote: > > On Wed, Dec 02, 2015 at 09:40:09AM -0600, Seth Forshee wrote: > > > Add checks to inode_change_ok to verify that uid and gid changes > > > will map into the superblock's user namespace. If they do not > > > fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE. > > > > > > Signed-off-by: Seth Forshee <seth.fors...@canonical.com> > > > > Acked-by: Serge Hallyn <serge.hal...@canonical.com> > > > > ... although i could see root on the host being upset that it can't > > assign a uid not valid in the mounter's ns. But it does seem safer. > > That change wouldn't be representable in the backing store though, and > that could lead to unexpected behaviour. It's better to tell root that > we can't make the requested change, in my opinion.
Makes sense. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
