From: Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>
To: "Eric W. Biederman"
	<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
	Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Cc: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
	kzak-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	dottedmag-6nM9faFvqWvMFIMGWPqnnw@public.gmane.org
Subject: Re: [PATCH review 00/18] userns: review of bug fixes for 3.19-rcX
Date: Sun, 14 Dec 2014 20:41:11 +0100
Message-ID: <548DE7D7.3080607@nod.at>
In-Reply-To: <87k31wzehb.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>

On 12.12.2014 at 23:32, Eric W. Biederman wrote:
> 
> The entire tree for testing is available at:
> 	git.kernel.org:/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-testing
> 
> This is my queue of important bug fixes for user namespaces.  Most of
> these changes warrant being backported.  A few are bug fixes for cases
> where only root can trigger the issue so have not been marked for being
> back ported to stable.
> 
> A few of these patches have not been posted for review previously, so I
> am giving them the light of the mailing list before I send them to Linus.  This
> patchset has seen some testing already.
> 
> Since there is small deliberate breakage of userspace in here the more
> reviewers/testers the better.
> 
> Barring complications I intend to ask Linus to pull this patchset sometime
> early next week.
> 
> So far nothing broke on my libvirt-lxc test bed. :-)
> Tested with openSUSE 13.2 and libvirt 1.2.9.
> Tested-by: Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>

FYI, this change set breaks util-linux's unshare(1) tool
as an unprivileged user is no longer allowed to write to /proc/self/gid_map.

Thanks,
//richard
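
Added example, not part of the original message and not util-linux code: the write order an unprivileged process has to follow on kernels from Linux 3.19 on, where /proc/self/gid_map accepts an unprivileged write only after "deny" has been written to /proc/self/setgroups. The helper names `write_proc` and `map_self` and the `proc_dir` parameter are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write one string to <proc_dir>/<name>; returns 0 or -errno. (hypothetical helper) */
static int write_proc(const char *proc_dir, const char *name, const char *val)
{
    char path[256];
    snprintf(path, sizeof(path), "%s/%s", proc_dir, name);
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = write(fd, val, strlen(val));
    int err = (n == (ssize_t)strlen(val)) ? 0 : (n < 0 ? -errno : -EIO);
    close(fd);
    return err;
}

/* Map one outer uid/gid to 0 inside the namespace without privilege.
 * Order matters: setgroups must read "deny" before gid_map is written. */
int map_self(const char *proc_dir, uid_t outer_uid, gid_t outer_gid)
{
    char map[64];
    int err = write_proc(proc_dir, "setgroups", "deny");
    if (err && err != -ENOENT)  /* ENOENT: kernel without the setgroups file */
        return err;
    snprintf(map, sizeof(map), "0 %u 1", (unsigned)outer_uid);
    if ((err = write_proc(proc_dir, "uid_map", map)))
        return err;
    snprintf(map, sizeof(map), "0 %u 1", (unsigned)outer_gid);
    return write_proc(proc_dir, "gid_map", map);  /* -EPERM if setgroups is still "allow" */
}

int main(void)
{
    uid_t uid = geteuid();  /* read the ids before entering the new namespace */
    gid_t gid = getegid();
    if (unshare(CLONE_NEWUSER) != 0) {
        perror("unshare(CLONE_NEWUSER)");
        return 1;
    }
    int err = map_self("/proc/self", uid, gid);
    if (err)
        fprintf(stderr, "mapping failed: %s\n", strerror(-err));
    return err ? 1 : 0;
}
```

A tool that writes gid_map directly, without the setgroups step, gets EPERM on such kernels, which is the breakage reported above.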
