Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > I'm not "relying on LSM" to make these safe. I'm relying on the
> > uid mappings to make these safe.
> >
> > Nevertheless I at least have hope of working around the others (in a
> > distro-acceptable way), so
Quoting Eric W. Biederman (ebied...@xmission.com):
Serge E. Hallyn se...@hallyn.com writes:
I'm not relying on LSM to make these safe. I'm relying on the
uid mappings to make these safe.
Nevertheless I at least have hope of working around the others (in a
distro-acceptable way), so
"Serge E. Hallyn" writes:
> I'm not "relying on LSM" to make these safe. I'm relying on the
> uid mappings to make these safe.
>
> Nevertheless I at least have hope of working around the others (in a
> distro-acceptable way), so if the others are too scary I'll pursue
> the workaround for the
Quoting Andy Lutomirski (l...@amacapital.net):
> On Tue, Jul 16, 2013 at 3:03 PM, Serge E. Hallyn wrote:
> > Quoting Andy Lutomirski (l...@amacapital.net):
> >> On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn wrote:
> >> > Quoting Andy Lutomirski (l...@amacapital.net):
> >> >> On 07/16/2013
On Tue, Jul 16, 2013 at 3:03 PM, Serge E. Hallyn wrote:
> Quoting Andy Lutomirski (l...@amacapital.net):
>> On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn wrote:
>> > Quoting Andy Lutomirski (l...@amacapital.net):
>> >> On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
>> >> > Quoting Al Viro
Quoting Andy Lutomirski (l...@amacapital.net):
> On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn wrote:
> > Quoting Andy Lutomirski (l...@amacapital.net):
> >> On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
> >> > Quoting Al Viro (v...@zeniv.linux.org.uk):
> >> >> On Tue, Jul 16, 2013 at
On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn wrote:
> Quoting Andy Lutomirski (l...@amacapital.net):
>> On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
>> > Quoting Al Viro (v...@zeniv.linux.org.uk):
>> >> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
>> >>> All the files will
Quoting Serge E. Hallyn (se...@hallyn.com):
> Quoting Andy Lutomirski (l...@amacapital.net):
> > On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
> > > Quoting Al Viro (v...@zeniv.linux.org.uk):
> > >> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
> > >>> All the files will be owned
Quoting Andy Lutomirski (l...@amacapital.net):
> On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
> > Quoting Al Viro (v...@zeniv.linux.org.uk):
> >> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
> >>> All the files will be owned by host root, so there's no security
> >>> concern in
On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
> Quoting Al Viro (v...@zeniv.linux.org.uk):
>> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
>>> All the files will be owned by host root, so there's no security
>>> concern in allowing this.
>>
>> Files owned by root != very bad
Quoting Al Viro (v...@zeniv.linux.org.uk):
> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
> > All the files will be owned by host root, so there's no security
> > concern in allowing this.
>
> Files owned by root != very bad things can't be done by non-root.
> Especially for
On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
> All the files will be owned by host root, so there's no security
> concern in allowing this.
Files owned by root != very bad things can't be done by non-root.
Especially for debugfs, which is very much a "don't even think about
All the files will be owned by host root, so there's no security
concern in allowing this.
(These are mounted by default by mountall, and if permission is
denied then by default container boot will hang)
Signed-off-by: Serge Hallyn
---
fs/debugfs/inode.c | 1 +
fs/fuse/control.c | 1 +
All the files will be owned by host root, so there's no security
concern in allowing this.
(These are mounted by default by mountall, and if permission is
denied then by default container boot will hang)
Signed-off-by: Serge Hallyn serge.hal...@canonical.com
---
fs/debugfs/inode.c | 1 +
On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
All the files will be owned by host root, so there's no security
concern in allowing this.
Files owned by root != very bad things can't be done by non-root.
Especially for debugfs, which is very much a don't even think about
mounting
Quoting Al Viro (v...@zeniv.linux.org.uk):
On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
All the files will be owned by host root, so there's no security
concern in allowing this.
Files owned by root != very bad things can't be done by non-root.
Especially for debugfs,
On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
Quoting Al Viro (v...@zeniv.linux.org.uk):
On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
All the files will be owned by host root, so there's no security
concern in allowing this.
Files owned by root != very bad things can't be
Quoting Andy Lutomirski (l...@amacapital.net):
On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
Quoting Al Viro (v...@zeniv.linux.org.uk):
On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
All the files will be owned by host root, so there's no security
concern in allowing this.
Quoting Serge E. Hallyn (se...@hallyn.com):
Quoting Andy Lutomirski (l...@amacapital.net):
On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
Quoting Al Viro (v...@zeniv.linux.org.uk):
On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
All the files will be owned by host root,
On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
Quoting Al Viro (v...@zeniv.linux.org.uk):
On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
All the files will
Quoting Andy Lutomirski (l...@amacapital.net):
On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
Quoting Al Viro (v...@zeniv.linux.org.uk):
On Tue, Jul 16, 2013 at
On Tue, Jul 16, 2013 at 3:03 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
On Tue, Jul 16, 2013 at 3:03 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Andy Lutomirski (l...@amacapital.net):
Serge E. Hallyn se...@hallyn.com writes:
I'm not relying on LSM to make these safe. I'm relying on the
uid mappings to make these safe.
Nevertheless I at least have hope of working around the others (in a
distro-acceptable way), so if the others are too scary I'll pursue
the workaround for