From: ebiederm@xmission.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>,
Jann Horn <jannh@google.com>
Subject: [GIT PULL] namespace fixes for v4.20-rc2
Date: Sat, 10 Nov 2018 12:12:12 -0600 [thread overview]
Message-ID: <87pnvcls3n.fsf@xmission.com> (raw)
Linus,
Please pull the for-linus branch from the git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus
HEAD: 9c8e0a1b683525464a2abe9fb4b54404a50ed2b4 mount: Prevent MNT_DETACH from disconnecting locked mounts
I believe all of these are simple obviously correct bug fixes. These
fall into two groups. Fixing the implementation of MNT_LOCKED which
prevents lesser privileged users from seeing unders mounts created by
more privileged users. Fixing the extended uid and group mapping in
user namespaces.
As well as ensuring the code looks correct I have spot tested these
changes as well and in my testing the fixes are working.
I have let these changes sit on my branch for a few days as well and
none of the automated testing has found any problems either.
Eric W. Biederman (3):
mount: Retest MNT_LOCKED in do_umount
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
mount: Prevent MNT_DETACH from disconnecting locked mounts
Jann Horn (1):
userns: also map extents in the reverse map to kernel IDs
fs/namespace.c | 22 +++++++++++++++++-----
kernel/user_namespace.c | 12 ++++++++----
2 files changed, 25 insertions(+), 9 deletions(-)
Eric
next reply other threads:[~2018-11-11 3:58 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-10 18:12 Eric W. Biederman [this message]
2018-11-10 19:35 ` [GIT PULL] namespace fixes for v4.20-rc2 pr-tracker-bot
2018-11-14 0:55 ` pr-tracker-bot
2018-11-14 1:01 ` Konstantin Ryabitsev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pnvcls3n.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=containers@lists.linux-foundation.org \
--cc=jannh@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox