On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:
> CAP_IPC_OWNER and CAP_IPC_LOCK can be checked against current_user_ns(),
> because the resource comes from current's own ipc namespace.
>
> setuid/setgid are to uids in own namespace, so again checks can be
> against current_user_ns().
>
> Changelog:
> Jan 11: Use task_ns_capable() in place of sched_capable().
> Jan 11: Use nsown_capable() as suggested by Bastian Blank.
> Jan 11: Clarify (hopefully) some logic in futex and sched.c
> Feb 15: use ns_capable for ipc, not nsown_capable
>
> Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> ---

Acked-by: Daniel Lezcano <daniel.lezcano@xxxxxxx>