On Wed, Jan 18, 2017 at 3:35 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> On Wed, Jan 18, 2017 at 2:50 PM, Djalal Harouni <tixxdz@xxxxxxxxx> wrote:
>> Andy I don't follow here, no_new_privs is never cleared right? I
>> can't see the corresponding clear bit code for it.
>
> I believe that unsharing userns clears no_new_privs.

Seriously? That's kind of ... weird. I mean, I guess you're
priv-confined in a way, but that seems fragile.

-Kees

--
Kees Cook
Pixel Security
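A way to settle the question in this thread empirically, as an added example and not code from the thread or the kernel: the program sets no_new_privs with prctl(2), unshares a user namespace and reads the bit back. The function and enum names are assumptions of this example; where unprivileged user namespaces are disabled or a seccomp policy refuses the unshare, it reports that it cannot tell rather than guessing.

```c
/* Added example: does unshare(CLONE_NEWUSER) clear the no_new_privs bit?
 * nnp_survives_userns() and enum nnp_result are names chosen here. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Fallbacks so the file compiles even if feature macros were fixed earlier. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
int unshare(int flags);

enum nnp_result {
    NNP_ERROR = -1,        /* prctl(2) itself failed */
    NNP_SURVIVED = 0,      /* bit still set after the unshare */
    NNP_CLEARED = 1,       /* bit gone after the unshare */
    NNP_UNSHARE_DENIED = 2 /* unshare refused; nothing to conclude */
};

/* Set no_new_privs on the calling task, unshare a user namespace, re-read
 * the bit. Both steps are irreversible for this process, so run it in a
 * child if the parent must stay unaffected. */
int nnp_survives_userns(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return NNP_ERROR;
    if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1)
        return NNP_ERROR; /* the set did not take effect */

    if (unshare(CLONE_NEWUSER) != 0) {
        /* Typical in containers: seccomp denies unshare, or unprivileged
         * user namespaces are disabled by sysctl. */
        fprintf(stderr, "unshare(CLONE_NEWUSER): %s\n", strerror(errno));
        return NNP_UNSHARE_DENIED;
    }

    int nnp = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    if (nnp < 0)
        return NNP_ERROR;
    return nnp == 1 ? NNP_SURVIVED : NNP_CLEARED;
}

int main(void)
{
    int r = nnp_survives_userns();
    printf("result: %s\n", r == NNP_SURVIVED ? "no_new_privs survived" :
           r == NNP_CLEARED ? "no_new_privs was CLEARED" : "cannot tell");
    return r == NNP_SURVIVED ? 0 : 1;
}
```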