Linux Container Development
From: Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>
To: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
Cc: xemul-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	kernel list
	<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	LSM
	<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	"Eric W. Biederman"
	<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
	Kees Cook <kees.cook-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
	Alexey Dobriyan
	<adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Michael Kerrisk
	<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH 4/9] allow killing tasks in your own or child userns
Date: Sat, 19 Feb 2011 11:55:01 +0100
Message-ID: <4D5FA185.1040008@free.fr>
In-Reply-To: <20110217150325.GD26395-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>

On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:
> Changelog:
> 	Dec  8: Fixed bug in my check_kill_permission pointed out by
> 	        Eric Biederman.
> 	Dec 13: Apply Eric's suggestion to pass target task into kill_ok_by_cred()
> 	        for clarity
> 	Dec 31: address comment by Eric Biederman:
> 		don't need cred/tcred in check_kill_permission.
> 	Jan  1: use const cred struct.
> 	Jan 11: Per Bastian Blank's advice, clean up kill_ok_by_cred().
> 	Feb 16: kill_ok_by_cred: fix bad parentheses
>
> Signed-off-by: Serge E. Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>

Acked-by: Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>
