Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
From: chris hyser <chris.hyser@xxxxxxxxxx>
Date: Thu, 9 Nov 2017 13:27:47 -0500
Cc: Daniel Micay <danielmicay@xxxxxxxxx>, Mahesh Bandewar (महेश बंडेवार) <maheshb@xxxxxxxxxx>, Mahesh Bandewar <mahesh@xxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Netdev <netdev@xxxxxxxxxxxxxxx>, Kernel-hardening <kernel-hardening@xxxxxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, "Eric W . Biederman" <ebiederm@xxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, David Miller <davem@xxxxxxxxxxxxx>
In-reply-to: <20171109180536.GA27994@mail.hallyn.com>
References: <20171103004436.40026-1-mahesh@bandewar.net> <20171104235346.GA17170@mail.hallyn.com> <CAF2d9jg1tZz-hnVBeXm3geq7jSBt5v5w6+p5B1V-7huS4qbMBA@mail.gmail.com> <20171106150302.GA26634@mail.hallyn.com> <1510003994.736.0.camel@gmail.com> <20171106221418.GA32543@mail.hallyn.com> <1510020963.736.42.camel@gmail.com> <20171107032310.GA6429@mail.hallyn.com> <da764cbf-7522-06a0-6c21-adfa3eaac9c2@oracle.com> <20171109180536.GA27994@mail.hallyn.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

On 11/09/2017 01:05 PM, Serge E. Hallyn wrote:

Would the existing capability bounding set not suffice for that?

The 'permanent' bounding set turns out to not be a good fit for
the problem being discussed in this thread, but please feel free
to start a new thread if you want to discuss your use case.

Sure. I will formulate something for a new thread. What seems to beasked for here is a way to globally patch the capability sets of aentire process subtree.


-chrish

--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

References:
- [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Mahesh Bandewar
- Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Serge E. Hallyn
- Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Mahesh Bandewar (महेश बंडेवार)
- Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Serge E. Hallyn
- Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Daniel Micay
- Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Serge E. Hallyn
- Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Daniel Micay
- Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Serge E. Hallyn
- Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: chris hyser
- Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
  - From: Serge E. Hallyn

Prev by Date: Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
Next by Date: Re: [RFC PATCH for 4.15 5/6] membarrier: x86: Provide core serializing command
Previous by thread: Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
Next by thread: Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
Index(es):
- Date
- Thread

[Index of Archives] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]