On 27/08/13 22:46, Eric W. Biederman wrote:
>
> Don't allow mounting sysfs unless the caller has CAP_SYS_ADMIN rights
> over the net namespace. The principle here is if you create or have
> capabilities over it you can mount it, otherwise you get to live with
> what other people have mounted.
>
On Tue, Aug 27, 2013 at 02:46:27PM -0700, Eric W. Biederman wrote:
>
> Don't allow mounting sysfs unless the caller has CAP_SYS_ADMIN rights
> over the net namespace. The principle here is if you create or have
> capabilities over it you can mount it, otherwise you get to live with
> what other p
Don't allow mounting sysfs unless the caller has CAP_SYS_ADMIN rights
over the net namespace. The principle here is if you create or have
capabilities over it you can mount it, otherwise you get to live with
what other people have mounted.
Instead of testing this with a straight forward ns_capab
3 matches
Mail list logo
