Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx): > "Serge E. Hallyn" <serge@xxxxxxxxxx> writes: > > I think this hunk needs to be documented. I.e. given that scm_send() > > will call scm_set_cred() before calling __scm_send, I don't see how > > these conditions could happen? If the condition can legitimately > > happen, then given all of the pid_t vs struct pid and 'cred' vs. 'creds' > > in these two hunks, I think a comment over each would be nice. > > I think if you have the full context of __scm_send it becomes pretty obvious. > > case SCM_CREDENTIALS: > if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred))) > goto error; > memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred)); > err = scm_check_creds(&p->creds); > if (err) > goto error; > > At this point we have just copied ucred from userspace. We have done > scm_check_creds to ensure we allow the user to send the pid, uid, and > gid they have passed in. > > These tests catch the case where the user is legitimately sending > something other than their own credentials. Of course. Sorry. And I even had the context in the window next to the email... So finally, Acked-by: Serge E. Hallyn <serge@xxxxxxxxxx> to the set, and I'm looking forward to this being in. And it should solve the nuisance of containers without private netns rebooting their hosts when both use upstart. thanks, -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
