On Thu, 24 Feb 2011 00:49:01 +0000 "Serge E. Hallyn" <serge@xxxxxxxxxx> wrote: > same_or_ancestore_user_ns() was not an appropriate check to > constrain cap_issubset. Rather, cap_issubset() only is > meaningful when both capsets are in the same user_ns. I queued this as a fix against userns-allow-ptrace-from-non-init-user-namespaces.patch, but I get the feeling that it would be better to just drop everything and start again? _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
