On Thu, May 16, 2024 at 02:22:02 -0700, Jonathan Calmels wrote:
> Jonathan Calmels (3):
>   capabilities: user namespace capabilities
>   capabilities: add securebit for strict userns caps
>   capabilities: add cap userns sysctl mask
>
>  fs/proc/array.c                 |  9 ++++
>  include/linux/cred.h            |  3 ++
>  include/linux/securebits.h      |  1 +
>  include/linux/user_namespace.h  |  7 +++
>  include/uapi/linux/prctl.h      |  7 +++
>  include/uapi/linux/securebits.h | 11 ++++-
>  kernel/cred.c                   |  3 ++
>  kernel/sysctl.c                 | 10 ++++
>  kernel/umh.c                    | 16 +++++++
>  kernel/user_namespace.c         | 83 ++++++++++++++++++++++++++++++---
>  security/commoncap.c            | 59 +++++++++++++++++++++++
>  security/keys/process_keys.c    |  3 ++
>  12 files changed, 204 insertions(+), 8 deletions(-)

I note a lack of any changes to `Documentation/` which seems quite glaring for something with such a userspace visibility aspect to it.

--Ben