Re: [PATCHv2 2/2] userns: control capabilities of some user namespaces

2017-12-06 Thread Serge E. Hallyn
Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
> On Wed, Nov 29, 2017 at 9:57 AM, Serge E. Hallyn wrote:
> > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com):
> >> On Tue, Nov 28, 2017 at 3:04 PM, Serge E. Hallyn wrote:
> >> > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe.

Re: [PATCHv2 2/2] userns: control capabilities of some user namespaces

2017-12-05 Thread महेश बंडेवार
On Wed, Nov 29, 2017 at 9:57 AM, Serge E. Hallyn wrote: > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com): >> On Tue, Nov 28, 2017 at 3:04 PM, Serge E. Hallyn wrote: >> > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com): >> > ... >> >> >> diff --git a/security/commoncap.c b

Re: [PATCHv2 2/2] userns: control capabilities of some user namespaces

2017-11-29 Thread Serge E. Hallyn
Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com): > On Tue, Nov 28, 2017 at 3:04 PM, Serge E. Hallyn wrote: > > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com): > > ... > >> >> diff --git a/security/commoncap.c b/security/commoncap.c > >> >> index fc46f5b85251..89103f16ac37

Re: [PATCHv2 2/2] userns: control capabilities of some user namespaces

2017-11-28 Thread महेश बंडेवार
On Tue, Nov 28, 2017 at 3:04 PM, Serge E. Hallyn wrote: > Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com): > ... >> >> diff --git a/security/commoncap.c b/security/commoncap.c >> >> index fc46f5b85251..89103f16ac37 100644 >> >> --- a/security/commoncap.c >> >> +++ b/security/commoncap.

Re: [PATCHv2 2/2] userns: control capabilities of some user namespaces

2017-11-28 Thread Serge E. Hallyn
Quoting Mahesh Bandewar (महेश बंडेवार) (mahe...@google.com): ... > >> diff --git a/security/commoncap.c b/security/commoncap.c > >> index fc46f5b85251..89103f16ac37 100644 > >> --- a/security/commoncap.c > >> +++ b/security/commoncap.c > >> @@ -73,6 +73,14 @@ int cap_capable(const struct cred *cred

Re: [PATCHv2 2/2] userns: control capabilities of some user namespaces

2017-11-28 Thread महेश बंडेवार
On Sat, Nov 25, 2017 at 10:40 PM, Serge E. Hallyn wrote:
> Quoting Mahesh Bandewar (mah...@bandewar.net):
>> From: Mahesh Bandewar
>>
>> With this new notion of "controlled" user-namespaces, the controlled
>> user-namespaces are marked at the time of their creation while the
>> capabilities of pr

Re: [PATCHv2 2/2] userns: control capabilities of some user namespaces

2017-11-25 Thread Serge E. Hallyn
Quoting Mahesh Bandewar (mah...@bandewar.net):
> From: Mahesh Bandewar
>
> With this new notion of "controlled" user-namespaces, the controlled
> user-namespaces are marked at the time of their creation while the
> capabilities of processes that belong to them are controlled using the
> global ma

[PATCHv2 2/2] userns: control capabilities of some user namespaces

2017-11-09 Thread Mahesh Bandewar
From: Mahesh Bandewar

With this new notion of "controlled" user-namespaces, the controlled user-namespaces are marked at the time of their creation while the capabilities of processes that belong to them are controlled using the global mask. Init-user-ns is always uncontrolled and a process that