Hi,
On Thu, May 05, 2016 at 08:05:08AM -0500, Seth Forshee wrote:
> On Wed, May 04, 2016 at 11:19:04PM +, Serge Hallyn wrote:
> > Quoting Djalal Harouni (tix...@gmail.com):
> > > If a process gets access to a mount from a different user
> > > namespace, that process should not be able to take
On Wed, May 04, 2016 at 11:19:04PM +, Serge Hallyn wrote:
> Quoting Djalal Harouni (tix...@gmail.com):
> > If a process gets access to a mount from a different user
> > namespace, that process should not be able to take advantage of
> > setuid files or selinux entrypoints from that filesystem.
Quoting Djalal Harouni (tix...@gmail.com):
> If a process gets access to a mount from a different user
> namespace, that process should not be able to take advantage of
> setuid files or selinux entrypoints from that filesystem. Prevent
> this by treating mounts from other mount namespaces and tho
If a process gets access to a mount from a different user
namespace, that process should not be able to take advantage of
setuid files or selinux entrypoints from that filesystem. Prevent
this by treating mounts from other mount namespaces and those not
owned by current_user_ns() or an ancestor as