Re: [PATCH] fs: Make /proc/sys inodes be owned by global root.

From: Luis Chamberlain
Date: Fri Nov 30 2018 - 13:19:51 EST


On Fri, Nov 30, 2018 at 08:48:11AM -0600, Eric W. Biederman wrote:
> Luis Chamberlain <mcgrof@xxxxxxxxxx> writes:
>
> > The logic seems sensible then, but are we implicating what a container
> > does with its sysctl values onto the entire system? If so, sure, it
> > seems you want this for networking purposes as there are a series of
> > sysctl values a container may want to muck with, but are we sure we
> > want the same for *all* sysctl entries?
>
> No. Please look at the patch again. It sets the default uid and gid
> for sysctl entries to 0. AKA GLOBAL_ROOT_UID and GLOBAL_ROOT_GID
> because there is a bug and they were not set to that value.
>
> Those are the uids and gids that are tested against.  It just happens
> you have to be in a weird configuration for this bug to become a problem.

Thanks, then provided the commit log is modified:

Acked-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>

Luis