From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tejun Heo Subject: Re: [PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs Date: Tue, 16 Feb 2016 13:05:51 -0500 Message-ID: <20160216180551.GN3741@mtj.duckdns.org> References: <1454057651-23959-1-git-send-email-serge.hallyn@ubuntu.com> <1454057651-23959-9-git-send-email-serge.hallyn@ubuntu.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <1454057651-23959-9-git-send-email-serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org, linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, lxc-devel-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org, akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org, ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org, gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org, lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org, hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org, Serge Hallyn List-Id: linux-api@vger.kernel.org On Fri, Jan 29, 2016 at 02:54:11AM -0600, serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org wrote: > From: Serge Hallyn > > allowing root in a non-init user namespace to mount it. This should > now be safe, because > > 1. non-init-root cannot mount a previously unbound subsystem > 2. the task doing the mount must be privileged with respect to the > user namespace owning the cgroup namespace > 3. the mounted subsystem will have its current cgroup as the root dentry. > the permissions will be unchanged, so tasks will receive no new > privilege over the cgroups which they did not have on the original > mounts. > > Signed-off-by: Serge Hallyn Applied 1-8 to cgroup/for-4.6-ns w/ trivial stylistic updates. Thanks. -- tejun