On Thu, Sep 17, 2020 at 1:33 PM Randy Dunlap wrote:
>
> On 9/17/20 3:23 AM, Stephen Rothwell wrote:
> > Hi all,
> >
> > Changes since 20200916:
> >
>
> I am seeing build errors when CONFIG_SYSCTL is not set:
>
> ld: net/ipv4/ip_tunnel.o: in function `ip_tunnel_init_net':
> ip_tunnel.c:(.text+0x2ea
On Wed, Aug 14, 2019 at 5:10 PM Bill Sommerfeld wrote:
>
> Allow encapsulated packets sent to tunnels layered over ipvlan to use
> offloads rather than forcing SW fallbacks.
>
> Since commit f21e5077010acda73a60 ("macvlan: add offload features for
> encapsulation"), macvlan has set dev->hw_enc_fea
On Thu, Jul 11, 2019 at 11:48 PM kernel test robot
wrote:
>
> FYI, we noticed the following commit (built with gcc-7):
>
> commit: 509e56b37cc32c9b5fc2be585c25d1e60d6a1d73 ("blackhole_dev: add a
> selftest")
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/next/linux-next.git
> master
On Tue, Jul 2, 2019 at 5:54 AM Geert Uytterhoeven wrote:
>
> Hi Mahesh,
>
> On Mon, 1 Jul 2019, Mahesh Bandewar wrote:
> > Create a blackhole net device that can be used for "dead"
> > dst entries instead of loopback device. This blackhole device differs
> > from loopback in a few aspects: (
On Fri, May 24, 2019 at 2:17 PM Jay Vosburgh wrote:
>
> Jarod Wilson wrote:
>
> >Once in a while, with just the right timing, 802.3ad slaves will fail to
> >properly initialize, winding up in a weird state, with a partner system
> >mac address of 00:00:00:00:00:00. This started happening after a
On Tue, Jan 9, 2018 at 2:28 PM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
>> On Mon, Jan 8, 2018 at 10:36 AM, Serge E. Hallyn wrote:
>> > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
>> >> On Mon, Ja
On Mon, Jan 8, 2018 at 10:36 AM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
>> On Mon, Jan 8, 2018 at 10:11 AM, Serge E. Hallyn wrote:
>> > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
>> >> On Mon, J
On Mon, Jan 8, 2018 at 10:11 AM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
>> On Mon, Jan 8, 2018 at 7:47 AM, Serge E. Hallyn wrote:
>> > Quoting James Morris (james.l.mor...@oracle.com):
>> >> On Mon, 8 Jan 2018, Serge
On Mon, Jan 8, 2018 at 7:47 AM, Serge E. Hallyn wrote:
> Quoting James Morris (james.l.mor...@oracle.com):
>> On Mon, 8 Jan 2018, Serge E. Hallyn wrote:
>>
>> > > Also, why do we need the concept of a controlled user-ns at all, if the
>> > > default whitelist maintains existing behavior?
>> >
>> >
On Thu, Jan 4, 2018 at 12:19 AM, SF Markus Elfring
wrote:
>> If you see 8 out of 9 call sites in this file ignore the return value.
>
> What do you think about fixing error detection and corresponding
> exception handling then?
>
If I understand your question correctly - not having memory is not a
On Wed, Jan 3, 2018 at 8:44 AM, Eric W. Biederman wrote:
> Mahesh Bandewar writes:
>
>> From: Mahesh Bandewar
>>
>> TL;DR version
>> -
>> Creating a sandbox environment with namespaces is challenging
>> considering what these sandboxed processes can engage into. e.g.
>> CVE-2017-6074
On Wed, Jan 3, 2018 at 12:45 AM, SF Markus Elfring
wrote:
>>> Omit an extra message for a memory allocation failure in this function.
>>>
>>> This issue was detected by using the Coccinelle software.
>>>
>> What is the issue with this message?
>
> * Is it redundant?
>
> * Would a Linux allocation
On Mon, Jan 1, 2018 at 8:07 AM, SF Markus Elfring
wrote:
> From: Markus Elfring
> Date: Mon, 1 Jan 2018 17:00:04 +0100
>
> Omit an extra message for a memory allocation failure in this function.
>
> This issue was detected by using the Coccinelle software.
>
What is the issue with this message?
On Sat, Dec 30, 2017 at 12:50 AM, Michael Kerrisk (man-pages)
wrote:
> Hello Mahesh,
>
> On 12/05/2017 11:31 PM, Mahesh Bandewar wrote:
>> From: Mahesh Bandewar
>>
>> Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
>> takes input as capability mask expressed as two comma separ
:45 AM, Mahesh Bandewar (महेश बंडेवार) wrote:
>> On Wed, Dec 27, 2017 at 12:23 PM, Michael Kerrisk (man-pages)
>> wrote:
>>> Hello Mahesh,
>>>
>>> On 27 December 2017 at 18:09, Mahesh Bandewar (महेश बंडेवार)
>>> wrote:
>>>> Hello James,
On Sat, Dec 30, 2017 at 12:31 AM, James Morris
wrote:
> On Wed, 27 Dec 2017, Mahesh Bandewar (महेश बंडेवार) wrote:
>
>> Hello James,
>>
>> Seems like I missed your name to be added into the review of this
>> patch series. Would you be willing to pull this into the
On Wed, Dec 27, 2017 at 12:23 PM, Michael Kerrisk (man-pages)
wrote:
> Hello Mahesh,
>
> On 27 December 2017 at 18:09, Mahesh Bandewar (महेश बंडेवार)
> wrote:
>> Hello James,
>>
>> Seems like I missed your name to be added into the review of this
>> patch
Hello James,
Seems like I missed your name to be added into the review of this
patch series. Would you be willing to pull this into the security
tree? Serge Hallyn has already ACKed it.
Thanks,
--mahesh..
On Tue, Dec 5, 2017 at 2:30 PM, Mahesh Bandewar wrote:
> From: Mahesh Bandewar
>
> TL;DR
On Wed, Nov 29, 2017 at 9:57 AM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
>> On Tue, Nov 28, 2017 at 3:04 PM, Serge E. Hallyn wrote:
>> > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
>> > ...
>> >>
On Tue, Nov 28, 2017 at 3:04 PM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
> ...
>> >> diff --git a/security/commoncap.c b/security/commoncap.c
>> >> index fc46f5b85251..89103f16ac37 100644
>> >> --- a
On Sat, Nov 25, 2017 at 10:40 PM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (mah...@bandewar.net):
>> From: Mahesh Bandewar
>>
>> With this new notion of "controlled" user-namespaces, the controlled
>> user-namespaces are marked at the time of their creation while the
>> capabilities of pr
On Fri, Nov 10, 2017 at 1:46 PM, Serge E. Hallyn wrote:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> single sandbox. I am not at all certain that the capabilities is the
>> proper place to limit code reachability.
>
> Right, I keep having this gut feeling that there is another way we
>
On Fri, Nov 10, 2017 at 1:30 PM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
> ...
>> >>
>> >> ==
>> >>
>> >> +controlled_userns_caps_whitel
On Fri, Nov 10, 2017 at 6:58 AM, Eric W. Biederman
wrote:
> "Mahesh Bandewar (महेश बंडेवार)" writes:
>
>> [resend response as earlier one failed because of formatting issues]
>>
>> On Thu, Nov 9, 2017 at 12:21 PM, Serge E. Hallyn wrote:
>>>
>>>
On Fri, Nov 10, 2017 at 2:30 AM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (mah...@bandewar.net):
>> From: Mahesh Bandewar
>>
>> Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
>
> I understand the arguments in favor of whitelists in most cases for
> security purposes.
On Fri, Nov 10, 2017 at 2:22 AM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (mah...@bandewar.net):
>> From: Mahesh Bandewar
>>
>> Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
>> takes input as capability mask expressed as two comma separated hex
>> u32 words. The mask
On Fri, Nov 10, 2017 at 2:25 AM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (mah...@bandewar.net):
>> From: Mahesh Bandewar
>>
>> With this new notion of "controlled" user-namespaces, the controlled
>> user-namespaces are marked at the time of their creation while the
>> capabilities of pro
[resend response as earlier one failed because of formatting issues]
On Thu, Nov 9, 2017 at 12:21 PM, Serge E. Hallyn wrote:
>
> On Thu, Nov 09, 2017 at 09:55:41AM +0900, Mahesh Bandewar (महेश बंडेवार)
> wrote:
> > On Thu, Nov 9, 2017 at 4:02 AM, Christian Brauner
> > wro
On Thu, Nov 9, 2017 at 4:02 AM, Christian Brauner
wrote:
> On Wed, Nov 08, 2017 at 03:09:59AM -0800, Mahesh Bandewar (महेश बंडेवार)
> wrote:
>> Sorry folks, I was traveling and it seems like a lot happened on this thread. :p
>>
>> I will try to respond to a few of these comments s
Sorry folks, I was traveling and it seems like a lot happened on this thread. :p
I will try to respond to a few of these comments selectively -
> The thing that makes me hesitate with this set is that it is a
> permanent new feature to address what (I hope) is a temporary
> problem.
I agree this is permane
On Sat, Nov 4, 2017 at 4:53 PM, Serge E. Hallyn wrote:
>
> Quoting Mahesh Bandewar (mah...@bandewar.net):
> > Init-user-ns is always uncontrolled and a process that has SYS_ADMIN
> > that belongs to uncontrolled user-ns can create another (child) user-
> > namespace that is uncontrolled. Any other
On Mon, Oct 2, 2017 at 11:12 AM, Mahesh Bandewar (महेश बंडेवार)
wrote:
> On Mon, Oct 2, 2017 at 10:14 AM, Serge E. Hallyn wrote:
>> Quoting Mahesh Bandewar (mah...@bandewar.net):
>>> From: Mahesh Bandewar
>>>
>>> [Same as the previous RFC series
On Mon, Oct 2, 2017 at 10:14 AM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (mah...@bandewar.net):
>> From: Mahesh Bandewar
>>
>> [Same as the previous RFC series sent on 9/21]
>>
>> TL;DR version
>> -
>> Creating a sandbox environment with namespaces is challenging
>> consideri
On Sat, Sep 9, 2017 at 4:28 AM, Nikolay Aleksandrov
wrote:
> On 07/09/17 01:47, Kosuke Tatsukawa wrote:
>> Commit cbf5ecb30560 ("net: bonding: Fix transmit load balancing in
>> balance-alb mode") tried to fix transmit dynamic load balancing in
>> balance-alb mode, which wasn't working after commit
On Fri, Sep 8, 2017 at 7:30 AM, Nikolay Aleksandrov
wrote:
> On 08/09/17 17:17, Kosuke Tatsukawa wrote:
>> Hi,
>>
>>> On 08/09/17 13:10, Nikolay Aleksandrov wrote:
On 08/09/17 05:06, Kosuke Tatsukawa wrote:
> Hi,
>
>> On 7.09.2017 01:47, Kosuke Tatsukawa wrote:
>>> Commit cbf
On Thu, Sep 7, 2017 at 5:47 PM, Mahesh Bandewar (महेश बंडेवार)
wrote:
> On Thu, Sep 7, 2017 at 5:39 PM, Mahesh Bandewar (महेश बंडेवार)
> wrote:
>> On Thu, Sep 7, 2017 at 4:09 PM, Nikolay Aleksandrov
>> wrote:
>>> On 7.09.2017 01:47, Kosuke Tatsukawa wrote:
>
On Thu, Sep 7, 2017 at 5:39 PM, Mahesh Bandewar (महेश बंडेवार)
wrote:
> On Thu, Sep 7, 2017 at 4:09 PM, Nikolay Aleksandrov
> wrote:
>> On 7.09.2017 01:47, Kosuke Tatsukawa wrote:
>>> Commit cbf5ecb30560 ("net: bonding: Fix transmit load balancing in
>>> balan
On Thu, Sep 7, 2017 at 4:09 PM, Nikolay Aleksandrov
wrote:
> On 7.09.2017 01:47, Kosuke Tatsukawa wrote:
>> Commit cbf5ecb30560 ("net: bonding: Fix transmit load balancing in
>> balance-alb mode") tried to fix transmit dynamic load balancing in
>> balance-alb mode, which wasn't working after comm
On Fri, May 19, 2017 at 11:46 AM, Jarod Wilson wrote:
> In commit dc9c4d0fe023, the arp_target array moved from a static global
> to a local variable. By the nature of static globals, the array used to
> be initialized to all 0. At present, it's full of random data, which
> that gets interpreted a
On Mon, May 15, 2017 at 6:52 AM, David Miller wrote:
> From: Greg Kroah-Hartman
> Date: Mon, 15 May 2017 08:10:59 +0200
>
>> On Sun, May 14, 2017 at 08:57:34AM -0500, Eric W. Biederman wrote:
>>> Greg Kroah-Hartman writes:
>>>
>>> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
>>> inde
On Sun, May 14, 2017 at 3:45 AM, Greg Kroah-Hartman
wrote:
> On Fri, May 12, 2017 at 04:22:59PM -0700, Mahesh Bandewar wrote:
>> From: Mahesh Bandewar
>>
[...]
>> Now try to create a bridge inside this newly created net-ns which would
>> mean bridge module need to be loaded.
>> # ip link ad
few superficial comments inline.
On Fri, Jan 6, 2017 at 2:33 PM, Sainath Grandhi
wrote:
> This patch adds a tap character device driver that is based on the
> IP-VLAN network interface, called ipvtap. An ipvtap device can be created
> in the same way as an ipvlan device, using 'type ipvtap', and