Re: [PATCH 0/2] userns: Creation logic fixes

From: Kees Cook
Date: Wed Aug 12 2015 - 02:29:32 EST

Next message: Kun Huang: "Re: [ftrace] possible to implement user-space tracers?"
Previous message: Christoph Hellwig: "Persistent Reservation API V2"
In reply to: Oleg Nesterov: "Re: [PATCH 2/2] userns,pidns: Force thread group sharing, not signal handler sharing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 11, 2015 at 6:22 PM, Eric W. Biederman
<ebiederm@xxxxxxxxxxxx> wrote:
>
> So I have take a good hard stare at the problem, as well as sitting down
> and writing some test code to verify the code works the way I think it
> does.
>
> The following two patches are how I think this bit of chaos needs to be
> solved. If folks could take a once over these patches and possibly test
> them to confirm they fix your issues I would appreciate it.
>
> Eric W. Biederman (2):
> unshare: Unsharing a thread does not require unsharing a vm
> userns,pidns: Force thread group sharing, not signal handler sharing.
>
> kernel/fork.c | 32 ++++++++++++++++++--------------
> kernel/user_namespace.c | 4 ++--
> 2 files changed, 20 insertions(+), 16 deletions(-)

Thanks for digging into this!

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kun Huang: "Re: [ftrace] possible to implement user-space tracers?"
Previous message: Christoph Hellwig: "Persistent Reservation API V2"
In reply to: Oleg Nesterov: "Re: [PATCH 2/2] userns,pidns: Force thread group sharing, not signal handler sharing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]