Quoting James Morris (jmorris@xxxxxxxxx):
> On Tue, 9 Jun 2009, Serge E. Hallyn wrote:
>
> > When restarting tasks, we want to be able to change xuid and
> > xgid in a struct cred, and do so with security checks. Break
> > the core functionality of set{fs,res}{u,g}id into cred_setX
> > which performs the access checks based on current_cred(),
> > but performs the requested change on a passed-in cred.
> >
>
> Please cc the lsm list when making changes to security.
Argh, they were cc:d on my last version, and I was sure I'd
put them in the list of headers for this set.
FWIW, the thread can be seen here
https://lists.linux-foundation.org/pipermail/containers/2009-June/018509.html
thanks,
-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
