These are fixes from Andys review of my user namespace tree.
The first two patches are critical must fix fixes.
The third patch fixing commit_creds is a nice to have but fixing it
would be good.
Andy, Serge if you could give these patches a once over to make certain
I am not doing something stupid.
Thank you,
Eric
---
Eric W. Biederman (4):
Fix cap_capable to only allow owners in the parent user namespace to have caps.
userns: Require CAP_SYS_ADMIN for most uses of setns.
userns: Add a more complete capability subset test to commit_creds
userns: Fix typo in description of the limitation of userns_install
fs/namespace.c | 3 ++-
ipc/namespace.c | 3 ++-
kernel/cred.c | 26 +++++++++++++++++++++++++-
kernel/pid_namespace.c | 3 ++-
kernel/user_namespace.c | 2 +-
kernel/utsname.c | 3 ++-
net/core/net_namespace.c | 3 ++-
security/commoncap.c | 25 +++++++++++++++++--------
8 files changed, 53 insertions(+), 15 deletions(-)
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
