Quoting Janne Karhunen (janne.karhunen@xxxxxxxxx):
> On Tue, May 7, 2013 at 11:01 AM, Janne Karhunen
> <janne.karhunen@xxxxxxxxx> wrote:
>
> > @@ -481,7 +490,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> >  	const struct cred *old = current_cred();
> >  	struct cred *new = bprm->cred;
> >  	bool effective, has_cap = false;
> > -	int ret;
> > +	int ret, has_res;
> >  	kuid_t root_uid;
> >
> >  	effective = false;
> > @@ -501,6 +510,8 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> >  			warn_setuid_and_fcaps_mixed(bprm->filename);
> >  			goto skip;
> >  		}
> > +		has_res = cap_raised(new->cap_permitted, CAP_SYS_RESOURCE);
> > +
> >  		/*
> >  		 * To support inheritance of root-permissions and suid-root
> >  		 * executables under compatibility mode, we override the
> > @@ -512,6 +523,9 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> >  			/* pP' = (cap_bset & ~0) | (pI & ~0) */
> >  			new->cap_permitted = cap_combine(old->cap_bset,
> >  							 old->cap_inheritable);
> > +
> > +			if (!has_res && (old->user_ns != &init_user_ns))
> > +				cap_lower (new->cap_permitted, CAP_SYS_RESOURCE);
> >  		}
> >  		if (uid_eq(new->euid, root_uid))
> >  			effective = true;
>
> I am also seriously unhappy about this 'setuid compatibility mode'
> here. It is highly surprising to have all caps elevated on uid/euid
> root exec regardless of the executable setuid flags...

It shouldn't be surprising - it's all in capabilities(7), has nothing to
do with user namespaces, has been around a long time, and is
configurable with securebits.

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
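Review bot: in the first hunk `has_res` is declared `int` although it only ever receives the boolean result of `cap_raised()` and is tested as `!has_res`; declare it `bool` next to the existing flag (`bool effective, has_cap = false, has_res = false;`) so it is typed like the flag it is and cannot be read uninitialised if the assignment in the second hunk is ever moved.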
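Review bot: the bare `has_res = cap_raised(new->cap_permitted, CAP_SYS_RESOURCE);` in the second hunk needs a comment: it has to be sampled here, before `new->cap_permitted` is overwritten by the `cap_combine()` override in the following hunk, and that ordering dependency is invisible at the use site. A one-liner such as `/* remember whether pP already had CAP_SYS_RESOURCE before the root override */` would keep a later reordering from silently breaking the check.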
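Review bot: `cap_lower (new->cap_permitted, CAP_SYS_RESOURCE);` in the third hunk has a space before the opening parenthesis, which kernel style does not allow (`cap_lower(new->cap_permitted, CAP_SYS_RESOURCE);`). The comment `/* pP' = (cap_bset & ~0) | (pI & ~0) */` and the block comment above it now describe the result only for `&init_user_ns`; the non-init case withholds CAP_SYS_RESOURCE unless it was already raised, and that exception, including why this single capability is singled out, should be documented in the same comment.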
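The "setuid compatibility mode" the reply points at is the root-exec rule in capabilities(7): with SECBIT_NOROOT clear, a process with uid 0 or euid 0 after exec gets pP' = pI | bounding, and pE' = pP' only when euid is 0. The following is an added, user-space model of that rule written for this page; it is not kernel code and not part of the patch. It uses constructed 64-bit capability masks, a `model_cred` struct and an `exec_creds()` function that are assumptions of the example, reads the live securebits through `prctl(PR_GET_SECUREBITS)` on Linux, and carries an `apply_patch_rule` flag that reproduces the CAP_SYS_RESOURCE restriction proposed in the quoted hunks so the two behaviours can be compared. The file-caps effective bit and fsuid handling are deliberately left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __linux__
#include <sys/prctl.h>      /* PR_GET_SECUREBITS */
#endif

/* Bit numbers as in <linux/capability.h>; only the ones this example uses. */
#define CAP_BIT(n)          (UINT64_C(1) << (n))
#define CAP_NET_ADMIN_B     CAP_BIT(12)
#define CAP_SYS_ADMIN_B     CAP_BIT(21)
#define CAP_SYS_RESOURCE_B  CAP_BIT(24)

/* Same value as SECBIT_NOROOT in <linux/securebits.h> (1 << SECURE_NOROOT). */
#define MODEL_SECBIT_NOROOT 0x1u

/* Example-only stand-in for struct cred. */
struct model_cred {
	uint64_t permitted, inheritable, effective, bounding;
	unsigned uid, euid;
	unsigned securebits;
	bool in_init_user_ns;	/* stands in for old->user_ns == &init_user_ns */
};

/*
 * Post-exec credentials (example model of cap_bprm_set_creds()).
 * file_permitted: permitted set the binary's file capabilities would grant
 * (0 when it has none).  setuid_root: the binary is setuid root, so euid
 * becomes 0 even for a non-root caller.  apply_patch_rule: also apply the
 * CAP_SYS_RESOURCE restriction proposed in the quoted patch.
 */
struct model_cred exec_creds(const struct model_cred *old, uint64_t file_permitted,
			     bool setuid_root, bool apply_patch_rule)
{
	struct model_cred new = *old;
	bool effective = false;

	new.euid = setuid_root ? 0 : old->euid;
	/* get_file_caps(): start from file caps, clamped to the bounding set. */
	new.permitted = file_permitted & old->bounding;

	if (!(old->securebits & MODEL_SECBIT_NOROOT)) {
		/* setuid-root binary that also carries file caps, run by a
		 * non-root user: the kernel warns and skips the override. */
		bool mixed = file_permitted != 0 && old->uid != 0 && new.euid == 0;

		if (!mixed) {
			/* sampled before the override, as in the patch */
			bool has_res = (new.permitted & CAP_SYS_RESOURCE_B) != 0;

			if (new.euid == 0 || old->uid == 0) {
				/* pP' = (cap_bset & ~0) | (pI & ~0) */
				new.permitted = old->bounding | old->inheritable;
				if (apply_patch_rule && !has_res && !old->in_init_user_ns)
					new.permitted &= ~CAP_SYS_RESOURCE_B;
			}
			if (new.euid == 0)	/* real uid 0 alone does not set pE' */
				effective = true;
		}
	}
	new.effective = effective ? new.permitted : 0;
	return new;
}

/* Live securebits of the calling process; readable without privilege on Linux. */
long live_securebits(void)
{
#ifdef __linux__
	return prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
#else
	return -1;
#endif
}

int main(void)
{
	/* Constructed caller: uid 1000, empty pI, a three-bit bounding set. */
	struct model_cred caller = {
		.bounding = CAP_NET_ADMIN_B | CAP_SYS_ADMIN_B | CAP_SYS_RESOURCE_B,
		.uid = 1000, .euid = 1000, .in_init_user_ns = true,
	};
	struct model_cred n;

	n = exec_creds(&caller, 0, true, false);
	printf("setuid-root exec, SECBIT_NOROOT clear: pP'=%#llx pE'=%#llx\n",
	       (unsigned long long)n.permitted, (unsigned long long)n.effective);

	caller.securebits = MODEL_SECBIT_NOROOT;
	n = exec_creds(&caller, 0, true, false);
	printf("same exec, SECBIT_NOROOT set:          pP'=%#llx pE'=%#llx\n",
	       (unsigned long long)n.permitted, (unsigned long long)n.effective);

	printf("this process: securebits=%ld\n", live_securebits());
	return 0;
}
```

Running it as an unprivileged user shows the point of the reply: with SECBIT_NOROOT clear a setuid-root exec hands the new image the whole bounding set in pP' and pE', and setting the bit (for a real process, `prctl(PR_SET_SECUREBITS, SECBIT_NOROOT)` with CAP_SETPCAP) switches the override off without any user-namespace involvement; the `apply_patch_rule` path shows that the quoted change only carves one capability out of that override and only in a non-init user namespace.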