From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Amir Goldstein <amir73il-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
linux-kernel
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
linux-fsdevel
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Michal Hocko <mhocko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Subject: Re: [REVIEW][PATCH] exec: Don't exec files the userns root can not read.
Date: Wed, 19 Oct 2016 12:04:45 -0500 [thread overview]
Message-ID: <87lgxkjmmq.fsf@xmission.com> (raw)
In-Reply-To: <87mvi0mpix.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> (Eric W. Biederman's message of "Wed, 19 Oct 2016 08:33:58 -0500")
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) writes:
> Amir Goldstein <amir73il-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:
>
>>> diff --git a/fs/exec.c b/fs/exec.c
>>> index 6fcfb3f7b137..f724ed94ba7a 100644
>>> --- a/fs/exec.c
>>> +++ b/fs/exec.c
>>> @@ -1270,12 +1270,21 @@ EXPORT_SYMBOL(flush_old_exec);
>>>
>>> void would_dump(struct linux_binprm *bprm, struct file *file)
>>> {
>>> - if (inode_permission(file_inode(file), MAY_READ) < 0)
>>> + struct inode *inode = file_inode(file);
>>> + if (inode_permission(inode, MAY_READ) < 0) {
>>> + struct user_namespace *user_ns = current->mm->user_ns;
>>> bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
>>> +
>>> + /* May the user_ns root read the executable? */
>>> + if (!kuid_has_mapping(user_ns, inode->i_uid) ||
>>> + !kgid_has_mapping(user_ns, inode->i_gid)) {
>>> + bprm->interp_flags |= BINPRM_FLAGS_EXEC_INACCESSIBLE;
>>> + }
>>
>> This feels like it should belong inside
>> inode_permission(file_inode(file), MAY_EXEC)
>> which hopefully should be checked long before getting here??
>
> It is the active ingredient in capable_wrt_inode_uidgid and is indeed
> inside of inode_permission.
>
> What I am testing for here is if I have a process with a full
> set of capabilities in current->mm->user_ns will the inode be readable.
>
> I can see an argument for calling prepare_creds stuffing the new cred
> full of capabilities. Calling override_cred. Calling inode_permission,
> restoring the credentials. But it seems very much like overkill and
> more error prone because of the more code involved.
>
> So I have done the simple thing that doesn't hide what is really going on.
At the same time I can see the addition of a helper function
bool ns_inode(struct user_namespace *user_ns, struct inode *inode)
{
return kuid_has_mapping(user_ns, inode->i_uid) &&
kgid_has_mapping(user_ns, inode->i_gid);
}
That abstracts out the concept instead of open codes it.
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: Amir Goldstein <amir73il@gmail.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Andy Lutomirski <luto@amacapital.net>,
linux-mm@kvack.org,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Michal Hocko <mhocko@kernel.org>
Subject: Re: [REVIEW][PATCH] exec: Don't exec files the userns root can not read.
Date: Wed, 19 Oct 2016 12:04:45 -0500 [thread overview]
Message-ID: <87lgxkjmmq.fsf@xmission.com> (raw)
In-Reply-To: <87mvi0mpix.fsf@xmission.com> (Eric W. Biederman's message of "Wed, 19 Oct 2016 08:33:58 -0500")
ebiederm@xmission.com (Eric W. Biederman) writes:
> Amir Goldstein <amir73il@gmail.com> writes:
>
>>> diff --git a/fs/exec.c b/fs/exec.c
>>> index 6fcfb3f7b137..f724ed94ba7a 100644
>>> --- a/fs/exec.c
>>> +++ b/fs/exec.c
>>> @@ -1270,12 +1270,21 @@ EXPORT_SYMBOL(flush_old_exec);
>>>
>>> void would_dump(struct linux_binprm *bprm, struct file *file)
>>> {
>>> - if (inode_permission(file_inode(file), MAY_READ) < 0)
>>> + struct inode *inode = file_inode(file);
>>> + if (inode_permission(inode, MAY_READ) < 0) {
>>> + struct user_namespace *user_ns = current->mm->user_ns;
>>> bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
>>> +
>>> + /* May the user_ns root read the executable? */
>>> + if (!kuid_has_mapping(user_ns, inode->i_uid) ||
>>> + !kgid_has_mapping(user_ns, inode->i_gid)) {
>>> + bprm->interp_flags |= BINPRM_FLAGS_EXEC_INACCESSIBLE;
>>> + }
>>
>> This feels like it should belong inside
>> inode_permission(file_inode(file), MAY_EXEC)
>> which hopefully should be checked long before getting here??
>
> It is the active ingredient in capable_wrt_inode_uidgid and is indeed
> inside of inode_permission.
>
> What I am testing for here is if I have a process with a full
> set of capabilities in current->mm->user_ns will the inode be readable.
>
> I can see an argument for calling prepare_creds stuffing the new cred
> full of capabilities. Calling override_cred. Calling inode_permission,
> restoring the credentials. But it seems very much like overkill and
> more error prone because of the more code involved.
>
> So I have done the simple thing that doesn't hide what is really going on.
At the same time I can see the addition of a helper function
bool ns_inode(struct user_namespace *user_ns, struct inode *inode)
{
return kuid_has_mapping(user_ns, inode->i_uid) &&
kgid_has_mapping(user_ns, inode->i_gid);
}
That abstracts out the concept instead of open codes it.
Eric
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: Amir Goldstein <amir73il@gmail.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Andy Lutomirski <luto@amacapital.net>,
linux-mm@kvack.org, linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Michal Hocko <mhocko@kernel.org>
Subject: Re: [REVIEW][PATCH] exec: Don't exec files the userns root can not read.
Date: Wed, 19 Oct 2016 12:04:45 -0500 [thread overview]
Message-ID: <87lgxkjmmq.fsf@xmission.com> (raw)
In-Reply-To: <87mvi0mpix.fsf@xmission.com> (Eric W. Biederman's message of "Wed, 19 Oct 2016 08:33:58 -0500")
ebiederm@xmission.com (Eric W. Biederman) writes:
> Amir Goldstein <amir73il@gmail.com> writes:
>
>>> diff --git a/fs/exec.c b/fs/exec.c
>>> index 6fcfb3f7b137..f724ed94ba7a 100644
>>> --- a/fs/exec.c
>>> +++ b/fs/exec.c
>>> @@ -1270,12 +1270,21 @@ EXPORT_SYMBOL(flush_old_exec);
>>>
>>> void would_dump(struct linux_binprm *bprm, struct file *file)
>>> {
>>> - if (inode_permission(file_inode(file), MAY_READ) < 0)
>>> + struct inode *inode = file_inode(file);
>>> + if (inode_permission(inode, MAY_READ) < 0) {
>>> + struct user_namespace *user_ns = current->mm->user_ns;
>>> bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
>>> +
>>> + /* May the user_ns root read the executable? */
>>> + if (!kuid_has_mapping(user_ns, inode->i_uid) ||
>>> + !kgid_has_mapping(user_ns, inode->i_gid)) {
>>> + bprm->interp_flags |= BINPRM_FLAGS_EXEC_INACCESSIBLE;
>>> + }
>>
>> This feels like it should belong inside
>> inode_permission(file_inode(file), MAY_EXEC)
>> which hopefully should be checked long before getting here??
>
> It is the active ingredient in capable_wrt_inode_uidgid and is indeed
> inside of inode_permission.
>
> What I am testing for here is if I have a process with a full
> set of capabilities in current->mm->user_ns will the inode be readable.
>
> I can see an argument for calling prepare_creds stuffing the new cred
> full of capabilities. Calling override_cred. Calling inode_permission,
> restoring the credentials. But it seems very much like overkill and
> more error prone because of the more code involved.
>
> So I have done the simple thing that doesn't hide what is really going on.
At the same time I can see the addition of a helper function
bool ns_inode(struct user_namespace *user_ns, struct inode *inode)
{
return kuid_has_mapping(user_ns, inode->i_uid) &&
kgid_has_mapping(user_ns, inode->i_gid);
}
That abstracts out the concept instead of open codes it.
Eric
next prev parent reply other threads:[~2016-10-19 17:04 UTC|newest]
Thread overview: 159+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-17 16:39 [REVIEW][PATCH] mm: Add a user_ns owner to mm_struct and fix ptrace_may_access Eric W. Biederman
2016-10-17 16:39 ` Eric W. Biederman
2016-10-17 16:39 ` Eric W. Biederman
2016-10-17 17:25 ` Jann Horn
[not found] ` <20161017172547.GJ14666-J1fxOzX/cBvk1uMJSBkQmQ@public.gmane.org>
2016-10-17 17:33 ` Eric W. Biederman
2016-10-17 17:33 ` Eric W. Biederman
2016-10-17 17:33 ` Eric W. Biederman
2016-10-18 13:50 ` Michal Hocko
2016-10-18 13:50 ` Michal Hocko
[not found] ` <20161018135031.GB13117-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2016-10-18 13:57 ` Jann Horn
2016-10-18 13:57 ` Jann Horn
2016-10-18 14:56 ` Eric W. Biederman
2016-10-18 14:56 ` Eric W. Biederman
2016-10-18 14:56 ` Eric W. Biederman
2016-10-18 15:05 ` Jann Horn
[not found] ` <20161018150507.GP14666-J1fxOzX/cBvk1uMJSBkQmQ@public.gmane.org>
2016-10-18 15:35 ` Eric W. Biederman
2016-10-18 15:35 ` Eric W. Biederman
2016-10-18 15:35 ` Eric W. Biederman
[not found] ` <87twc9656s.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-10-18 19:12 ` Jann Horn
2016-10-18 19:12 ` Jann Horn
2016-10-18 19:12 ` Jann Horn
2016-10-18 21:07 ` Eric W. Biederman
2016-10-18 21:07 ` Eric W. Biederman
[not found] ` <87r37dnz74.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-10-18 21:15 ` [REVIEW][PATCH] exec: Don't exec files the userns root can not read Eric W. Biederman
2016-10-18 21:15 ` Eric W. Biederman
2016-10-18 21:15 ` Eric W. Biederman
2016-10-19 6:13 ` Amir Goldstein
2016-10-19 6:13 ` Amir Goldstein
2016-10-19 13:33 ` Eric W. Biederman
2016-10-19 13:33 ` Eric W. Biederman
[not found] ` <87mvi0mpix.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-10-19 17:04 ` Eric W. Biederman [this message]
2016-10-19 17:04 ` Eric W. Biederman
2016-10-19 17:04 ` Eric W. Biederman
[not found] ` <CAOQ4uxjyZF346vq-Oi=HwB=jj6ePycHBnEfvVPet9KqPxL9mgg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-19 13:33 ` Eric W. Biederman
[not found] ` <87k2d5nytz.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-10-19 6:13 ` Amir Goldstein
2016-10-19 15:30 ` Andy Lutomirski
2016-10-19 15:30 ` Andy Lutomirski
2016-10-19 15:30 ` Andy Lutomirski
2016-10-19 16:52 ` Eric W. Biederman
2016-10-19 16:52 ` Eric W. Biederman
2016-10-19 16:52 ` Eric W. Biederman
[not found] ` <87y41kjn6l.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-10-19 17:29 ` Jann Horn
2016-10-19 18:36 ` Andy Lutomirski
2016-10-19 17:29 ` Jann Horn
2016-10-19 17:29 ` Jann Horn
[not found] ` <20161019172917.GE1210-GiL72Q0nGm9Crx9znvW9yA@public.gmane.org>
2016-10-19 17:32 ` Andy Lutomirski
2016-10-19 17:32 ` Andy Lutomirski
2016-10-19 17:32 ` Andy Lutomirski
[not found] ` <CALCETrWSY1SRse5oqSwZ=goQ+ZALd2XcTP3SZ8ry49C8rNd98Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-19 17:55 ` Eric W. Biederman
2016-10-19 17:55 ` Eric W. Biederman
2016-10-19 17:55 ` Eric W. Biederman
2016-10-19 17:55 ` Eric W. Biederman
[not found] ` <87pomwi5p2.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-10-19 18:38 ` Andy Lutomirski
2016-10-19 18:38 ` Andy Lutomirski
2016-10-19 18:38 ` Andy Lutomirski
2016-10-19 21:26 ` Eric W. Biederman
2016-10-19 21:26 ` Eric W. Biederman
2016-10-19 21:26 ` Eric W. Biederman
2016-10-19 23:17 ` Andy Lutomirski
2016-10-19 23:17 ` Andy Lutomirski
[not found] ` <CALCETrXA2EnE8X3HzetLG6zS8YSVjJQJrsSumTfvEcGq=r5vsw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-17 17:02 ` [REVIEW][PATCH 0/3] Fixing ptrace vs exec vs userns interactions Eric W. Biederman
2016-11-17 17:02 ` Eric W. Biederman
2016-11-17 17:02 ` Eric W. Biederman
2016-11-17 17:02 ` Eric W. Biederman
2016-11-17 17:05 ` [REVIEW][PATCH 1/3] ptrace: Capture the ptracer's creds not PT_PTRACE_CAP Eric W. Biederman
2016-11-17 17:05 ` Eric W. Biederman
2016-11-17 17:05 ` Eric W. Biederman
[not found] ` <87oa1eavfx.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-11-17 23:14 ` Kees Cook
2016-11-17 23:27 ` Andy Lutomirski
2016-11-17 23:14 ` Kees Cook
2016-11-17 23:14 ` Kees Cook
[not found] ` <CAGXu5jKbVkCGVSoxNQ=pTCBX1Boe3rPR1P56P-kR9AHWYHBs2w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-18 18:56 ` Eric W. Biederman
2016-11-18 18:56 ` Eric W. Biederman
2016-11-18 18:56 ` Eric W. Biederman
2016-11-18 18:56 ` Eric W. Biederman
2016-11-17 23:27 ` Andy Lutomirski
2016-11-17 23:27 ` Andy Lutomirski
[not found] ` <CALCETrUSnPfzpabQMNuyOu09j9QDzRDeoQVF_U51=ow3bP5pkw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-17 23:44 ` Eric W. Biederman
2016-11-17 23:44 ` Eric W. Biederman
2016-11-17 23:44 ` Eric W. Biederman
2016-11-17 23:44 ` Eric W. Biederman
2016-11-17 17:08 ` [REVIEW][PATCH 2/3] exec: Don't allow ptracing an exec of an unreadable file Eric W. Biederman
2016-11-17 17:08 ` Eric W. Biederman
2016-11-17 17:08 ` Eric W. Biederman
[not found] ` <87inrmavax.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-11-17 20:47 ` Willy Tarreau
2016-11-17 23:29 ` Andy Lutomirski
2016-11-17 20:47 ` Willy Tarreau
2016-11-17 20:47 ` Willy Tarreau
[not found] ` <20161117204707.GB10421-K+wRfnb2/UA@public.gmane.org>
2016-11-17 21:07 ` Kees Cook
2016-11-17 21:07 ` Kees Cook
2016-11-17 21:07 ` Kees Cook
[not found] ` <CAGXu5jJc6TmzdVp+4OMDAt5Kd68hHbNBXaRPD8X0+m558hx3qw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-17 21:32 ` Willy Tarreau
2016-11-17 23:28 ` Andy Lutomirski
2016-11-17 23:28 ` Andy Lutomirski
2016-11-17 23:28 ` Andy Lutomirski
2016-11-17 21:32 ` Willy Tarreau
2016-11-17 21:32 ` Willy Tarreau
2016-11-17 21:51 ` Eric W. Biederman
2016-11-17 21:51 ` Eric W. Biederman
2016-11-17 21:51 ` Eric W. Biederman
[not found] ` <874m3522sy.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-11-17 22:50 ` [REVIEW][PATCH 2/3] ptrace: Don't allow accessing an undumpable mm Eric W. Biederman
2016-11-17 22:50 ` Eric W. Biederman
2016-11-17 22:50 ` Eric W. Biederman
2016-11-17 22:50 ` Eric W. Biederman
2016-11-17 23:17 ` Kees Cook
2016-11-17 23:17 ` Kees Cook
[not found] ` <87shqpzpok.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-11-17 23:17 ` Kees Cook
[not found] ` <20161117213258.GA10839-K+wRfnb2/UA@public.gmane.org>
2016-11-17 21:51 ` [REVIEW][PATCH 2/3] exec: Don't allow ptracing an exec of an unreadable file Eric W. Biederman
2016-11-17 23:29 ` Andy Lutomirski
2016-11-17 23:29 ` Andy Lutomirski
[not found] ` <CALCETrUvKpRCXRE+K512E_q9-o8Gzgb+3XsAzSo+ZFdgqeX-eQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-17 23:55 ` Eric W. Biederman
2016-11-17 23:55 ` Eric W. Biederman
2016-11-17 23:55 ` Eric W. Biederman
2016-11-17 23:55 ` Eric W. Biederman
[not found] ` <87mvgxwtjv.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-11-18 0:10 ` Andy Lutomirski
2016-11-18 0:10 ` Andy Lutomirski
2016-11-18 0:10 ` Andy Lutomirski
2016-11-18 0:35 ` Eric W. Biederman
2016-11-18 0:35 ` Eric W. Biederman
2016-11-18 0:35 ` Eric W. Biederman
[not found] ` <CALCETrX=61Sk9qim+Psjn83gohuizEsrpUC9gF-vwQTtR4GuJw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-18 0:35 ` Eric W. Biederman
2016-11-17 17:10 ` [REVIEW][PATCH 3/3] exec: Ensure mm->user_ns contains the execed files Eric W. Biederman
2016-11-17 17:10 ` Eric W. Biederman
2016-11-17 17:10 ` Eric W. Biederman
[not found] ` <87twb6avk8.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-11-17 17:05 ` [REVIEW][PATCH 1/3] ptrace: Capture the ptracer's creds not PT_PTRACE_CAP Eric W. Biederman
2016-11-17 17:08 ` [REVIEW][PATCH 2/3] exec: Don't allow ptracing an exec of an unreadable file Eric W. Biederman
2016-11-17 17:10 ` [REVIEW][PATCH 3/3] exec: Ensure mm->user_ns contains the execed files Eric W. Biederman
2016-11-19 7:17 ` [REVIEW][PATCH 0/3] Fixing ptrace vs exec vs userns interactions Willy Tarreau
2016-11-19 7:17 ` Willy Tarreau
2016-11-19 7:17 ` Willy Tarreau
2016-11-19 9:28 ` Willy Tarreau
2016-11-19 9:28 ` Willy Tarreau
2016-11-19 9:33 ` Willy Tarreau
2016-11-19 9:33 ` Willy Tarreau
[not found] ` <20161119092804.GA13553-K+wRfnb2/UA@public.gmane.org>
2016-11-19 9:33 ` Willy Tarreau
2016-11-19 18:44 ` Eric W. Biederman
2016-11-19 18:44 ` Eric W. Biederman
2016-11-19 18:44 ` Eric W. Biederman
2016-11-19 18:44 ` Eric W. Biederman
[not found] ` <20161119071700.GA13347-K+wRfnb2/UA@public.gmane.org>
2016-11-19 9:28 ` Willy Tarreau
2016-11-19 18:35 ` Eric W. Biederman
2016-11-19 18:35 ` Eric W. Biederman
2016-11-19 18:35 ` Eric W. Biederman
2016-11-19 18:35 ` Eric W. Biederman
2016-11-19 18:37 ` Eric W. Biederman
2016-11-19 18:37 ` Eric W. Biederman
2016-11-19 18:37 ` Eric W. Biederman
[not found] ` <87d1hrjp23.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-11-19 18:37 ` Eric W. Biederman
[not found] ` <87pomwghda.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-10-19 23:17 ` [REVIEW][PATCH] exec: Don't exec files the userns root can not read Andy Lutomirski
[not found] ` <CALCETrUz2oU6OYwQ9K4M-SUg6FeDsd6Q1gf1w-cJRGg2PdmK8g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-19 21:26 ` Eric W. Biederman
2016-10-19 18:36 ` Andy Lutomirski
[not found] ` <CALCETrU4SZYUEPrv4JkpUpA+0sZ=EirZRftRDp+a5hce5E7HgA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-19 16:52 ` Eric W. Biederman
[not found] ` <20161018191206.GA1210-GiL72Q0nGm9Crx9znvW9yA@public.gmane.org>
2016-10-18 21:07 ` [REVIEW][PATCH] mm: Add a user_ns owner to mm_struct and fix ptrace_may_access Eric W. Biederman
2016-10-18 18:06 ` Michal Hocko
2016-10-18 18:06 ` Michal Hocko
[not found] ` <8737jt903u.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2016-10-18 15:05 ` Jann Horn
2016-10-18 18:06 ` Michal Hocko
[not found] ` <87twcbq696.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-10-17 17:25 ` Jann Horn
2016-10-18 13:50 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87lgxkjmmq.fsf@xmission.com \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=amir73il-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mhocko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.