On Fri, Jan 29, 2016 at 02:54:11AM -0600, serge.hal...@ubuntu.com wrote:
> From: Serge Hallyn
>
> allowing root in a non-init user namespace to mount it. This should
> now be safe, because
>
> 1. non-init-root cannot mount a previously unbound subsystem
> 2. the task doing the mount must be pri
From: Serge Hallyn
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace owning the cgroup namespace
3. the mounte
From: Serge Hallyn
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace owning the cgroup namespace
3. the mounte
From: Serge Hallyn
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace owning the cgroup namespace
3. the mounte
From: Serge Hallyn
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace owning the cgroup namespace
3. the mounte