Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > I'm not "relying on LSM" to make these safe. I'm relying on the
> > uid mappings to make these safe.
> >
> > Nevertheless I at least have hope of working around the others (in a
> > distro-acceptable way), so if
"Serge E. Hallyn" writes:
> I'm not "relying on LSM" to make these safe. I'm relying on the
> uid mappings to make these safe.
>
> Nevertheless I at least have hope of working around the others (in a
> distro-acceptable way), so if the others are too scary I'll pursue
> the workaround for the ot
Quoting Andy Lutomirski (l...@amacapital.net):
> On Tue, Jul 16, 2013 at 3:03 PM, Serge E. Hallyn wrote:
> > Quoting Andy Lutomirski (l...@amacapital.net):
> >> On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn wrote:
> >> > Quoting Andy Lutomirski (l...@amacapital.net):
> >> >> On 07/16/2013 12:5
On Tue, Jul 16, 2013 at 3:03 PM, Serge E. Hallyn wrote:
> Quoting Andy Lutomirski (l...@amacapital.net):
>> On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn wrote:
>> > Quoting Andy Lutomirski (l...@amacapital.net):
>> >> On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
>> >> > Quoting Al Viro (v..
Quoting Andy Lutomirski (l...@amacapital.net):
> On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn wrote:
> > Quoting Andy Lutomirski (l...@amacapital.net):
> >> On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
> >> > Quoting Al Viro (v...@zeniv.linux.org.uk):
> >> >> On Tue, Jul 16, 2013 at 02:29:20
On Tue, Jul 16, 2013 at 2:37 PM, Serge E. Hallyn wrote:
> Quoting Andy Lutomirski (l...@amacapital.net):
>> On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
>> > Quoting Al Viro (v...@zeniv.linux.org.uk):
>> >> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
>> >>> All the files will b
Quoting Serge E. Hallyn (se...@hallyn.com):
> Quoting Andy Lutomirski (l...@amacapital.net):
> > On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
> > > Quoting Al Viro (v...@zeniv.linux.org.uk):
> > >> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
> > >>> All the files will be owned b
Quoting Andy Lutomirski (l...@amacapital.net):
> On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
> > Quoting Al Viro (v...@zeniv.linux.org.uk):
> >> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
> >>> All the files will be owned by host root, so there's no security
> >>> concern in a
On 07/16/2013 12:50 PM, Serge E. Hallyn wrote:
> Quoting Al Viro (v...@zeniv.linux.org.uk):
>> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
>>> All the files will be owned by host root, so there's no security
>>> concern in allowing this.
>>
>> Files owned by root != very bad thing
Quoting Al Viro (v...@zeniv.linux.org.uk):
> On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
> > All the files will be owned by host root, so there's no security
> > concern in allowing this.
>
> Files owned by root != very bad things can't be done by non-root.
> Especially for debug
On Tue, Jul 16, 2013 at 02:29:20PM -0500, Serge Hallyn wrote:
> All the files will be owned by host root, so there's no security
> concern in allowing this.
Files owned by root != very bad things can't be done by non-root.
Especially for debugfs, which is very much a "don't even think about
mounti
All the files will be owned by host root, so there's no security
concern in allowing this.
(These are mounted by default by mountall, and if permission is
denied then by default container boot will hang)
Signed-off-by: Serge Hallyn
---
fs/debugfs/inode.c | 1 +
fs/fuse/control.c | 1 +
securit
12 matches