They are normally disallowed because they could be used to subvert setuid programs. But if setuid is disabled, then they are safe. Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx> --- kernel/nsproxy.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index 9aeab4b..471f4a3 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c @@ -191,7 +191,13 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags, CLONE_NEWNET))) return 0; - if (!capable(CAP_SYS_ADMIN)) + /* We require either no_new_privs or CAP_SYS_ADMIN for all modes */ + if (!current->no_new_privs && !capable(CAP_SYS_ADMIN)) + return -EPERM; + + /* NEWNS and NEWNET always require CAP_SYS_ADMIN. */ + if ((unshare_flags & (CLONE_NEWNS | CLONE_NEWNET)) && + !capable(CAP_SYS_ADMIN)) return -EPERM; *new_nsp = create_new_namespaces(unshare_flags, current, -- 1.7.7.5 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
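Review bot: capable(CAP_SYS_ADMIN) is now evaluated twice on the path where no_new_privs is clear and CLONE_NEWNS or CLONE_NEWNET is requested; capable() is not a pure check (it records the privilege use and can produce an audit record), so compute it once, e.g. `bool admin = capable(CAP_SYS_ADMIN);`, and test `admin` in both conditions. The second comment ("NEWNS and NEWNET always require CAP_SYS_ADMIN.") states the carve-out but not its rationale, while the first comment and the changelog only give the setuid argument, and the changelog's "if setuid is disabled, then they are safe" reads as if it applied to every flag; one sentence in the comment saying why no_new_privs is not considered sufficient for mount and network namespaces would make the two checks self-explanatory.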