Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

On Fri, Dec 14, 2012 at 4:48 PM, Eric W. Biederman wrote: > > When unsharing a user namespace we reduce our credentials to just what > can be done in that user namespace. This is a subset of the credentials > we previously had. Teach commit_creds to recognize this is a subset > of the

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

On Fri, Dec 14, 2012 at 4:48 PM, Eric W. Biederman ebied...@xmission.com wrote: When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials we previously had. Teach commit_creds to recognize this is a subset

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

Quoting Eric W. Biederman (ebied...@xmission.com): > > When unsharing a user namespace we reduce our credentials to just what > can be done in that user namespace. This is a subset of the credentials > we previously had. Teach commit_creds to recognize this is a subset > of the credentials we

[PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials we previously had. Teach commit_creds to recognize this is a subset of the credentials we have had before and don't clear the dumpability flag. This

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

Quoting Eric W. Biederman (ebied...@xmission.com): > "Serge E. Hallyn" writes: > > > Quoting Eric W. Biederman (ebied...@xmission.com): > >> > >> When unsharing a user namespace we reduce our credentials to just what > >> can be done in that user namespace. This is a subset of the credentials

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

"Serge E. Hallyn" writes: > Quoting Eric W. Biederman (ebied...@xmission.com): >> >> When unsharing a user namespace we reduce our credentials to just what >> can be done in that user namespace. This is a subset of the credentials >> we previously had. Teach commit_creds to recognize this is

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

Quoting Eric W. Biederman (ebied...@xmission.com): > > When unsharing a user namespace we reduce our credentials to just what > can be done in that user namespace. This is a subset of the credentials > we previously had. Teach commit_creds to recognize this is a subset > of the credentials we

[PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials we previously had. Teach commit_creds to recognize this is a subset of the credentials we have had before and don't clear the dumpability flag. This

[PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials we previously had. Teach commit_creds to recognize this is a subset of the credentials we have had before and don't clear the dumpability flag. This

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

Quoting Eric W. Biederman (ebied...@xmission.com): When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials we previously had. Teach commit_creds to recognize this is a subset of the credentials we have

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

Serge E. Hallyn se...@hallyn.com writes: Quoting Eric W. Biederman (ebied...@xmission.com): When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials we previously had. Teach commit_creds to recognize

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

Quoting Eric W. Biederman (ebied...@xmission.com): Serge E. Hallyn se...@hallyn.com writes: Quoting Eric W. Biederman (ebied...@xmission.com): When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials

[PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials we previously had. Teach commit_creds to recognize this is a subset of the credentials we have had before and don't clear the dumpability flag. This

Re: [PATCH 3/4] userns: Add a more complete capability subset test to commit_creds

Quoting Eric W. Biederman (ebied...@xmission.com): When unsharing a user namespace we reduce our credentials to just what can be done in that user namespace. This is a subset of the credentials we previously had. Teach commit_creds to recognize this is a subset of the credentials we have