From mboxrd@z Thu Jan 1 00:00:00 1970 From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) Subject: Re: [RFC][PATCH] Fix cap_capable to only allow owners in the parent user namespace to have caps. Date: Thu, 13 Dec 2012 19:32:51 -0800 Message-ID: <87bodxi9zw.fsf@xmission.com> References: <87ip88uw4n.fsf@xmission.com> <50CA2B55.5070402@amacapital.net> <87mwxhtxve.fsf@xmission.com> <87zk1hshk7.fsf_-_@xmission.com> <20121214032820.GA5115@mail.hallyn.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20121214032820.GA5115-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> (Serge E. Hallyn's message of "Fri, 14 Dec 2012 03:28:20 +0000") List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: "Serge E. Hallyn" Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, Linus Torvalds , Linux Kernel Mailing List , Andy Lutomirski List-Id: containers.vger.kernel.org "Serge E. Hallyn" writes: > Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org): >> >> Andy Lutomirski pointed out that the current behavior of allowing the >> owner of a user namespace to have all caps when that owner is not in a >> parent user namespace is wrong. > > To make sure I understand right, the issue is when a uid is mapped > into multiple namespaces. Yes. i.e. uid 1000 in ns1 may own ns2, but uid 1000 in ns3 does not? I am not certain of your example. The simple case is: init_user_ns: child_user_ns1 (owned by uid == 0 [in all user namespaces]) child_user_ns2 (owned by uid == 0 [ in all user namespaces]) root (uid == 0) in child_user_ns2 has all rights over anything in child_user_ns1. Thank you for looking. Eric