From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Eric W. Beiderman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org,
Linux Containers <containers@lists.linux-foundation.org>,
Cyrill Gorcunov <gorcunov@openvz.org>,
linux-security-module@vger.kernel.org,
Al Viro <viro@ZenIV.linux.org.uk>,
linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 16/43] userns: Simplify the user_namespace by making userns->creator a kuid.
Date: Wed, 18 Apr 2012 18:48:47 +0000 [thread overview]
Message-ID: <20120418184847.GA4984@mail.hallyn.com> (raw)
In-Reply-To: <1333862139-31737-16-git-send-email-ebiederm@xmission.com>
Quoting Eric W. Beiderman (ebiederm@xmission.com):
> From: Eric W. Biederman <ebiederm@xmission.com>
>
> - Transform userns->creator from a user_struct reference to a simple
> kuid_t, kgid_t pair.
>
> In cap_capable this allows the check to see if we are the creator of
> a namespace to become the classic suser style euid permission check.
>
> This allows us to remove the need for a struct cred in the mapping
> functions and still be able to dispaly the user namespace creators
> uid and gid as 0.
>
> - Remove the now unnecessary delayed_work in free_user_ns.
>
> All that is left for free_user_ns to do is to call kmem_cache_free
> and put_user_ns. Those functions can be called in any context
> so call them directly from free_user_ns removing the need for delayed work.
>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
> ---
> include/linux/user_namespace.h | 4 ++--
> kernel/user.c | 7 ++++---
> kernel/user_namespace.c | 39 ++++++++++++++++++---------------------
> security/commoncap.c | 5 +++--
> 4 files changed, 27 insertions(+), 28 deletions(-)
>
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index d767508..8a391bd 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -9,8 +9,8 @@
> struct user_namespace {
> struct kref kref;
> struct user_namespace *parent;
> - struct user_struct *creator;
> - struct work_struct destroyer;
> + kuid_t owner;
> + kgid_t group;
> };
>
> extern struct user_namespace init_user_ns;
> diff --git a/kernel/user.c b/kernel/user.c
> index 025077e..cff3856 100644
> --- a/kernel/user.c
> +++ b/kernel/user.c
> @@ -25,7 +25,8 @@ struct user_namespace init_user_ns = {
> .kref = {
> .refcount = ATOMIC_INIT(3),
> },
> - .creator = &root_user,
> + .owner = GLOBAL_ROOT_UID,
> + .group = GLOBAL_ROOT_GID,
> };
> EXPORT_SYMBOL_GPL(init_user_ns);
>
> @@ -54,9 +55,9 @@ struct hlist_head uidhash_table[UIDHASH_SZ];
> */
> static DEFINE_SPINLOCK(uidhash_lock);
>
> -/* root_user.__count is 2, 1 for init task cred, 1 for init_user_ns->user_ns */
> +/* root_user.__count is 1, for init task cred */
> struct user_struct root_user = {
> - .__count = ATOMIC_INIT(2),
> + .__count = ATOMIC_INIT(1),
> .processes = ATOMIC_INIT(1),
> .files = ATOMIC_INIT(0),
> .sigpending = ATOMIC_INIT(0),
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index 898e973..f69741a 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -27,6 +27,16 @@ int create_user_ns(struct cred *new)
> {
> struct user_namespace *ns, *parent_ns = new->user_ns;
> struct user_struct *root_user;
> + kuid_t owner = make_kuid(new->user_ns, new->euid);
> + kgid_t group = make_kgid(new->user_ns, new->egid);
> +
> + /* The creator needs a mapping in the parent user namespace
> + * or else we won't be able to reasonably tell userspace who
> + * created a user_namespace.
> + */
> + if (!kuid_has_mapping(parent_ns, owner) ||
> + !kgid_has_mapping(parent_ns, group))
> + return -EPERM;
>
> ns = kmem_cache_alloc(user_ns_cachep, GFP_KERNEL);
> if (!ns)
> @@ -43,7 +53,9 @@ int create_user_ns(struct cred *new)
>
> /* set the new root user in the credentials under preparation */
> ns->parent = parent_ns;
I think in the past the creator cred pinned the ns->parent. Do you now
need to explicitly pin ns->parent (and release it in free_user_ns())?
> - ns->creator = new->user;
> + ns->owner = owner;
> + ns->group = group;
> + free_uid(new->user);
> new->user = root_user;
> new->uid = new->euid = new->suid = new->fsuid = 0;
> new->gid = new->egid = new->sgid = new->fsgid = 0;
> @@ -69,29 +81,15 @@ int create_user_ns(struct cred *new)
> return 0;
> }
>
> -/*
> - * Deferred destructor for a user namespace. This is required because
> - * free_user_ns() may be called with uidhash_lock held, but we need to call
> - * back to free_uid() which will want to take the lock again.
> - */
> -static void free_user_ns_work(struct work_struct *work)
> +void free_user_ns(struct kref *kref)
> {
> struct user_namespace *parent, *ns =
> - container_of(work, struct user_namespace, destroyer);
> + container_of(kref, struct user_namespace, kref);
> +
> parent = ns->parent;
> - free_uid(ns->creator);
> kmem_cache_free(user_ns_cachep, ns);
> put_user_ns(parent);
> }
> -
> -void free_user_ns(struct kref *kref)
> -{
> - struct user_namespace *ns =
> - container_of(kref, struct user_namespace, kref);
> -
> - INIT_WORK(&ns->destroyer, free_user_ns_work);
> - schedule_work(&ns->destroyer);
> -}
> EXPORT_SYMBOL(free_user_ns);
>
> uid_t user_ns_map_uid(struct user_namespace *to, const struct cred *cred, uid_t uid)
> @@ -101,12 +99,11 @@ uid_t user_ns_map_uid(struct user_namespace *to, const struct cred *cred, uid_t
> if (likely(to == cred->user_ns))
> return uid;
>
> -
> /* Is cred->user the creator of the target user_ns
> * or the creator of one of it's parents?
> */
> for ( tmp = to; tmp != &init_user_ns; tmp = tmp->parent ) {
> - if (cred->user == tmp->creator) {
> + if (uid_eq(cred->user->uid, tmp->owner)) {
> return (uid_t)0;
> }
> }
> @@ -126,7 +123,7 @@ gid_t user_ns_map_gid(struct user_namespace *to, const struct cred *cred, gid_t
> * or the creator of one of it's parents?
> */
> for ( tmp = to; tmp != &init_user_ns; tmp = tmp->parent ) {
> - if (cred->user == tmp->creator) {
> + if (uid_eq(cred->user->uid, tmp->owner)) {
> return (gid_t)0;
> }
> }
> diff --git a/security/commoncap.c b/security/commoncap.c
> index 435d074..f2399d8 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -76,8 +76,9 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
> int cap, int audit)
> {
> for (;;) {
> - /* The creator of the user namespace has all caps. */
> - if (targ_ns != &init_user_ns && targ_ns->creator == cred->user)
> + /* The owner of the user namespace has all caps. */
> + if (targ_ns != &init_user_ns && uid_eq(targ_ns->owner,
> + make_kuid(cred->user_ns, cred->euid)))
> return 0;
>
> /* Do we have the necessary capabilities? */
> --
> 1.7.2.5
>
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers
next prev parent reply other threads:[~2012-04-18 18:48 UTC|newest]
Thread overview: 227+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-08 5:10 [REVIEW][PATCH 0/43] Completing the user namespace Eric W. Biederman
2012-04-08 5:10 ` Eric W. Biederman
2012-04-08 5:10 ` Eric W. Biederman
[not found] ` <m11unyn70b.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-08 5:14 ` [PATCH 01/43] vfs: Don't allow a user namespace root to make device nodes "Eric W. Beiderman
2012-04-08 5:14 ` "Eric W. Beiderman
2012-04-08 5:14 ` "Eric W. Beiderman
2012-04-08 5:14 ` [PATCH 02/43] userns: Kill bogus declaration of function release_uids "Eric W. Beiderman
2012-04-08 5:14 ` "Eric W. Beiderman
2012-04-08 5:14 ` "Eric W. Beiderman
2012-04-08 5:14 ` [PATCH 03/43] userns: Replace netlink uses of cap_raised with capable "Eric W. Beiderman
2012-04-08 5:14 ` "Eric W. Beiderman
2012-04-08 5:14 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 04/43] userns: Remove unnecessary cast to struct user_struct when copying cred->user "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 05/43] cred: Add forward declaration of init_user_ns in all cases "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 06/43] userns: Use cred->user_ns instead of cred->user->user_ns "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 07/43] cred: Refcount the user_ns pointed to by the cred "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 08/43] userns: Add an explicit reference to the parent user namespace "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 09/43] mqueue: Explicitly capture the user namespace to send the notification to "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 10/43] userns: Deprecate and rename the user_namespace reference in the user_struct "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 11/43] userns: Start out with a full set of capabilities "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 12/43] userns: Replace the hard to write inode_userns with inode_capable "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 13/43] userns: Add kuid_t and kgid_t and associated infrastructure in uidgid.h "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 14/43] userns: Add a Kconfig option to enforce strict kuid and kgid type checks "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 15/43] userns: Disassociate user_struct from the user_namespace "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 16/43] userns: Simplify the user_namespace by making userns->creator a kuid "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-18 18:48 ` Serge E. Hallyn [this message]
[not found] ` <20120418184847.GA4984-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-20 22:58 ` Eric W. Biederman
2012-04-20 22:58 ` Eric W. Biederman
[not found] ` <m1aa266meh.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-24 17:33 ` Serge E. Hallyn
2012-04-24 17:33 ` Serge E. Hallyn
[not found] ` <20120424173347.GA14017-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-24 19:41 ` Eric W. Biederman
2012-04-24 19:41 ` Eric W. Biederman
[not found] ` <m14ns8lxyc.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-24 20:23 ` Serge E. Hallyn
2012-04-24 20:23 ` Serge E. Hallyn
[not found] ` <20120424202301.GA11326-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-26 9:09 ` Eric W. Biederman
2012-04-26 9:09 ` Eric W. Biederman
[not found] ` <m1ehradfl3.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-26 16:21 ` Serge E. Hallyn
2012-04-26 16:21 ` Serge E. Hallyn
[not found] ` <1333862139-31737-16-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:48 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 17/43] userns: Rework the user_namespace adding uid/gid mapping support "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-17-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:49 ` Serge E. Hallyn
2012-04-18 18:49 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 18/43] userns: Convert group_info values from gid_t to kgid_t "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-18 18:49 ` Serge E. Hallyn
[not found] ` <20120418184936.GC4984-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-20 23:05 ` Eric W. Biederman
2012-04-20 23:05 ` Eric W. Biederman
[not found] ` <1333862139-31737-18-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:49 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 19/43] userns: Store uid and gid values in struct cred with kuid_t and kgid_t types "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-19-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:49 ` Serge E. Hallyn
2012-04-18 18:49 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 20/43] userns: Replace user_ns_map_uid and user_ns_map_gid with from_kuid and from_kgid "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-18 18:49 ` Serge E. Hallyn
[not found] ` <1333862139-31737-20-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:49 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 21/43] userns: Convert sched_set_affinity and sched_set_scheduler's permission checks "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 22/43] userns: Convert capabilities related permsion checks "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-22-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:51 ` Serge E. Hallyn
2012-04-18 18:51 ` Serge E. Hallyn
[not found] ` <20120418185106.GG4984-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-20 23:18 ` Eric W. Biederman
2012-04-20 23:18 ` Eric W. Biederman
2012-04-08 5:15 ` [PATCH 23/43] userns: Convert setting and getting uid and gid system calls to use kuid and kgid "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-23-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-26 16:20 ` Serge E. Hallyn
2012-04-26 16:20 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 24/43] userns: Convert ptrace, kill, set_priority permission checks to work with kuids and kgids "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-24-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:56 ` Serge E. Hallyn
2012-04-18 18:56 ` Serge E. Hallyn
[not found] ` <20120418185610.GA5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-20 23:51 ` Eric W. Biederman
2012-04-20 23:51 ` Eric W. Biederman
2012-04-08 5:15 ` [PATCH 25/43] userns: Store uid and gid types in vfs structures with kuid_t and kgid_t types "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-25-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:57 ` Serge E. Hallyn
2012-04-18 18:57 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 26/43] userns: Convert in_group_p and in_egroup_p to use kgid_t "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-26-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:58 ` Serge E. Hallyn
2012-04-18 18:58 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 27/43] userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 28/43] userns: Convert user specfied uids and gids in chown into kuids and kgid "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-28-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:03 ` Serge E. Hallyn
2012-04-18 19:03 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 29/43] userns: Convert stat to return values mapped from kuids and kgids "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-18 19:03 ` Serge E. Hallyn
[not found] ` <1333862139-31737-29-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:03 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 30/43] userns: Fail exec for suid and sgid binaries with ids outside our user namespace "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-18 19:05 ` Serge E. Hallyn
[not found] ` <1333862139-31737-30-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:05 ` Serge E. Hallyn
2012-04-18 19:09 ` Serge E. Hallyn
2012-04-18 19:09 ` Serge E. Hallyn
[not found] ` <20120418190927.GK5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-24 2:28 ` Eric W. Biederman
2012-04-24 2:28 ` Eric W. Biederman
[not found] ` <m1ehrdrhgr.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-24 15:10 ` Serge Hallyn
2012-04-24 15:10 ` Serge Hallyn
2012-04-08 5:15 ` [PATCH 31/43] userns: Teach inode_capable to understand inodes whose uids map to other namespaces "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-31-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:06 ` Serge E. Hallyn
2012-04-18 19:06 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 32/43] userns: signal remove unnecessary map_cred_ns "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-32-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:07 ` Serge E. Hallyn
2012-04-18 19:07 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 33/43] userns: Convert binary formats to use kuid/kgid where appropriate "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
[not found] ` <1333862139-31737-33-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:10 ` Serge E. Hallyn
2012-04-18 19:10 ` Serge E. Hallyn
[not found] ` <20120418191033.GL5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-24 2:44 ` Eric W. Biederman
2012-04-24 2:44 ` Eric W. Biederman
2012-04-08 5:15 ` [PATCH 34/43] userns: Convert devpts " "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 35/43] userns: Convert ext2 " "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 36/43] userns: Convert ext3 " "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 37/43] userns: Convert ext4 to user " "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 38/43] userns: Convert proc to use " "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 39/43] userns: Convert sysctl permission checks to use kuid and kgids "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 40/43] userns: Convert sysfs to use kgid/kuid where appropriate "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 41/43] userns: Convert tmpfs to use kuid and kgid " "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 42/43] userns: Convert cgroup permission checks to use uid_eq "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 43/43] userns: Convert the move_pages, and migrate_pages " "Eric W. Beiderman
2012-04-08 14:54 ` [REVIEW][PATCH 0/43] Completing the user namespace Serge Hallyn
2012-04-08 17:40 ` richard -rw- weinberger
2012-05-11 23:20 ` Please include user-namespace.git in linux-next Eric W. Biederman
2012-05-11 23:20 ` Eric W. Biederman
[not found] ` <m1likyz4mh.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-05-13 23:35 ` Stephen Rothwell
2012-05-13 23:35 ` Stephen Rothwell
2012-05-13 23:35 ` Stephen Rothwell
2012-05-21 2:25 ` Tetsuo Handa
2012-05-22 17:26 ` Eric W. Biederman
2012-04-08 5:15 ` [PATCH 21/43] userns: Convert sched_set_affinity and sched_set_scheduler's permission checks "Eric W. Beiderman
2012-04-18 18:50 ` Serge E. Hallyn
[not found] ` <1333862139-31737-21-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:50 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 27/43] userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs "Eric W. Beiderman
[not found] ` <1333862139-31737-27-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:02 ` Serge E. Hallyn
2012-04-18 19:02 ` Serge E. Hallyn
[not found] ` <20120418190213.GD5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-21 0:05 ` Eric W. Biederman
2012-04-21 0:05 ` Eric W. Biederman
2012-04-18 19:03 ` Serge E. Hallyn
2012-04-18 19:03 ` Serge E. Hallyn
[not found] ` <20120418190337.GE5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-21 0:58 ` Eric W. Biederman
2012-04-21 0:58 ` Eric W. Biederman
[not found] ` <m1sjfx2950.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-24 17:41 ` Serge E. Hallyn
2012-04-26 0:11 ` Serge E. Hallyn
2012-04-26 0:11 ` Serge E. Hallyn
[not found] ` <20120426001101.GA10308-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-26 5:33 ` Eric W. Biederman
2012-04-26 5:33 ` Eric W. Biederman
2012-04-24 17:41 ` Serge E. Hallyn
2012-04-08 5:15 ` [PATCH 36/43] userns: Convert ext3 to use kuid/kgid where appropriate "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 37/43] userns: Convert ext4 to user " "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 38/43] userns: Convert proc to use " "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 39/43] userns: Convert sysctl permission checks to use kuid and kgids "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 40/43] userns: Convert sysfs to use kgid/kuid where appropriate "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 41/43] userns: Convert tmpfs to use kuid and kgid " "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 42/43] userns: Convert cgroup permission checks to use uid_eq "Eric W. Beiderman
2012-04-08 5:15 ` [PATCH 43/43] userns: Convert the move_pages, and migrate_pages " "Eric W. Beiderman
2012-04-08 14:54 ` [REVIEW][PATCH 0/43] Completing the user namespace Serge Hallyn
2012-04-08 17:40 ` richard -rw- weinberger
2012-04-08 17:40 ` richard -rw- weinberger
[not found] ` <CAFLxGvwyx6S6+eZtR=UNSQe_O+W7oZW=GosseL54HGpjtYGXjg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-04-08 21:30 ` Eric W. Biederman
2012-04-08 21:30 ` Eric W. Biederman
[not found] ` <m1iph9ewsy.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-08 22:04 ` richard -rw- weinberger
2012-04-08 22:04 ` richard -rw- weinberger
[not found] ` <CAFLxGvwHtA028V2XudM-5HXmXCPw5ENL5E_nHKZh_gbrsRV69g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-04-08 22:52 ` Eric W. Biederman
2012-04-08 22:52 ` Eric W. Biederman
2012-04-10 19:01 ` Andy Lutomirski
2012-04-10 21:59 ` Eric W. Biederman
2012-04-10 22:15 ` Andrew Lutomirski
2012-04-10 23:01 ` Markus Gutschke
2012-04-11 0:04 ` Eric W. Biederman
2012-04-10 23:50 ` Eric W. Biederman
2012-04-10 23:56 ` Andrew Lutomirski
2012-04-11 1:01 ` Eric W. Biederman
2012-04-11 1:00 ` Andrew Lutomirski
2012-04-11 1:14 ` Eric W. Biederman
2012-04-11 1:22 ` Andrew Lutomirski
2012-04-11 4:37 ` Serge Hallyn
2012-04-11 4:33 ` Serge Hallyn
2012-04-11 4:16 ` Serge Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120418184847.GA4984@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=akpm@linux-foundation.org \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=gorcunov@openvz.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.