"Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> writes:

> Limit per userns sysctls to only be opened for write by a holder
> of CAP_SYS_RESOURCE.
>
> Add all of the necessary boilerplate for having per user namespace
> sysctls.
> @@ -141,6 +215,7 @@ void free_user_ns(struct user_namespace *ns)
>
> do {
> parent = ns->parent;
> + retire_userns_sysctls(ns);
^^^^^^^^^^

Unfortunately it is not safe to call a sleeping function here so this
part needs to be taken back to the drawing board.

Which means this change has to wait for next cycle.

> #ifdef CONFIG_PERSISTENT_KEYRINGS
> key_put(ns->persistent_keyring_register);
> #endif

Eric
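
Review bot: The call to retire_userns_sysctls(ns) added inside the do loop of free_user_ns() can sleep, and as the reply notes this path must not sleep, so the teardown needs to run from a context that may block. One option is to have free_user_ns() only queue the namespace for cleanup (for example with a work item) and call retire_userns_sysctls(ns) from the deferred handler, alongside the key_put() of ns->persistent_keyring_register. It would also help to document at the retire_userns_sysctls() definition that it may sleep, so later callers do not reintroduce the problem.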