Re: [PATCH 1/2] user namespaces: let user_ns be cloned with fairsched

From: James Morris
Date: Sun Dec 07 2008 - 17:51:44 EST


On Wed, 3 Dec 2008, Serge E. Hallyn wrote:

> (These two patches are in the next-unacked branch of
> git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/userns-2.6.
> If they get some ACKs, then I hope to feed this into security-next.
> After these two, I think we're ready to tackle userns+capabilities)
>
> Fairsched creates a per-uid directory under /sys/kernel/uids/.
> So when you clone(CLONE_NEWUSER), it tries to create
> /sys/kernel/uids/0, which already exists, and you get back
> -ENOMEM.
>
> This was supposed to be fixed by sysfs tagging, but that
> was postponed (ok, rejected until sysfs locking is fixed).
> So, just as with network namespaces, we just don't create
> those directories for user namespaces other than the init.
>
> Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next


--
James Morris
<jmorris@xxxxxxxxx>