On Thu May 16, 2024 at 4:30 PM EEST, Ben Boeckel wrote:
> On Thu, May 16, 2024 at 02:22:02 -0700, Jonathan Calmels wrote:
> > Jonathan Calmels (3):
> >   capabilities: user namespace capabilities
> >   capabilities: add securebit for strict userns caps
> >   capabilities: add cap userns sysctl mask
> >
> >  fs/proc/array.c                 |  9 ++++
> >  include/linux/cred.h            |  3 ++
> >  include/linux/securebits.h      |  1 +
> >  include/linux/user_namespace.h  |  7 +++
> >  include/uapi/linux/prctl.h      |  7 +++
> >  include/uapi/linux/securebits.h | 11 ++++-
> >  kernel/cred.c                   |  3 ++
> >  kernel/sysctl.c                 | 10 ++++
> >  kernel/umh.c                    | 16 +++++++
> >  kernel/user_namespace.c         | 83 ++++++++++++++++++++++++++++++---
> >  security/commoncap.c            | 59 +++++++++++++++++++++++
> >  security/keys/process_keys.c    |  3 ++
> >  12 files changed, 204 insertions(+), 8 deletions(-)
>
> I note a lack of any changes to `Documentation/` which seems quite
> glaring for something with such a userspace visibility aspect to it.
>
> --Ben

Yeah, also in cover letter it would be nice to refresh what is a
bounding set. I had to xref that (recalled what it is), and then got
bored reading the rest :-)

Not exactly in the nutshell cover letter tbh, but maybe the content in
that would be better put to Documentation/

BR, Jarkko