On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx> wrote:
> Hi Eric,
>
> On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" <mtk.manpages@xxxxxxxxx> writes:
>>
>>> Hi Andy, and Eric,
>>>>> 1. The writing process must have the CAP_SETUID (CAP_SETGID)
>>>>> capability in the user namespace of the process pid.
>>>>
>>>> This is checked for the opening process (and I don't actually remember
>>>> whether it's checked for the writing process).
>>>
>>> Eric, can you comment?
>>
>> We have to check for the opening process, and that change was made
>> after I implemented my interface. Pieces of the code appear to also
>> examine the writing process and verify everything applies to it as well.
>>
>> I goofed when I designed the interface originally and had not realized
>> what a classic design error it can be to not restrict by the opening
>> process.
>
> So, I still need some help here. Should the sentence above just read:
>
> 1. The *opening* process must have the CAP_SETUID (CAP_SETGID)
> capability in the user namespace of the process pid.

I think this is sufficient.

>
> or must something also be said about the writing process? (If so, I'd
> appreciate a completely formed sentence or two that I can just drop into
> the man page.)

There might be a restriction there, too, but I think it could be removed,
and I also think that it's unlikely that anyone will encounter it.

--Andy

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
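As an added illustration of the rule the thread is wording (it is not code from this thread, from the man-pages project, or from the kernel), the C program below parses and validates a `/proc/[pid]/uid_map` line, writes it, and in `main()` creates a user namespace with `unshare(CLONE_NEWUSER)` so that the calling process, which then holds CAP_SETUID in the namespace it just created, can open and write its own `uid_map`. It also shows that only the first successful write to a map is accepted. The names `id_map_line`, `parse_id_map_line`, `write_id_map` and `try_rewrite_own_map` are this example's own, not kernel or libc identifiers; the 32-bit ID bounds it enforces mirror what the kernel rejects, and the `setgroups` remark in the comments refers to behaviour added in Linux 3.19, after this thread.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* One "ID-inside-ns ID-outside-ns length" line of /proc/[pid]/uid_map or
 * gid_map. The struct and function names here are this example's own. */
struct id_map_line {
    unsigned long inside;   /* first ID as seen inside the namespace   */
    unsigned long outside;  /* first ID in the opener's user namespace */
    unsigned long count;    /* number of consecutive IDs mapped        */
};

/* Parse a single map line into *out. Returns 0 on success, -1 if the line
 * is malformed, signed, empty, or describes a range the kernel would
 * reject: zero length, or extending past the 32-bit ID space. */
int parse_id_map_line(const char *text, struct id_map_line *out)
{
    const unsigned long max_id = 0xFFFFFFFFUL;
    unsigned long v[3];
    const char *p = text;
    char *end;

    for (int i = 0; i < 3; i++) {
        while (*p == ' ' || *p == '\t')
            p++;
        if (*p < '0' || *p > '9')       /* rejects '-', '+', missing fields */
            return -1;
        errno = 0;
        v[i] = strtoul(p, &end, 10);
        if (errno != 0)                 /* ERANGE: number too large */
            return -1;
        p = end;
    }
    while (*p == ' ' || *p == '\t' || *p == '\n')
        p++;
    if (*p != '\0')                     /* trailing garbage */
        return -1;
    if (v[2] == 0 || v[2] > max_id)     /* empty or oversized range */
        return -1;
    /* first + count must stay within 32-bit IDs on both sides; this also
     * excludes the reserved ID 4294967295, i.e. (uid_t)-1. */
    if (v[0] > max_id - v[2] || v[1] > max_id - v[2])
        return -1;
    out->inside = v[0];
    out->outside = v[1];
    out->count = v[2];
    return 0;
}

/* Convenience wrapper: 1 if the line would be accepted, 0 otherwise. */
int map_line_is_valid(const char *text)
{
    struct id_map_line tmp;
    return parse_id_map_line(text, &tmp) == 0;
}

/* Write one mapping line to /proc/<pid>/<file> ("uid_map" or "gid_map").
 * Returns 0 on success or -errno. The kernel checks the capability of the
 * process that OPENS the file (CAP_SETUID for uid_map, CAP_SETGID for
 * gid_map) in the user namespace of <pid>, and accepts only the first
 * successful write to a given map; later writes fail with EPERM. */
int write_id_map(pid_t pid, const char *file, const struct id_map_line *m)
{
    char path[64], line[80];
    int n, fd, err = 0;

    snprintf(path, sizeof path, "/proc/%ld/%s", (long)pid, file);
    n = snprintf(line, sizeof line, "%lu %lu %lu\n",
                 m->inside, m->outside, m->count);
    fd = open(path, O_WRONLY);
    if (fd < 0)
        return -errno;
    if (write(fd, line, (size_t)n) != n)
        err = errno ? errno : EIO;
    close(fd);
    return -err;
}

/* The write-once rule in action: the caller's namespace already has a map
 * (every process starts in a namespace whose map is set), so this returns
 * a negative errno rather than 0. */
int try_rewrite_own_map(void)
{
    struct id_map_line m = { 0, 0, 1 };
    return write_id_map(getpid(), "uid_map", &m);
}

int main(void)
{
    unsigned long outside_uid = (unsigned long)geteuid();
    struct id_map_line m;
    char buf[64];
    int rc;

    /* Create a new user namespace. The caller owns it and holds every
     * capability in it, so it may open and write its own uid_map. */
    if (unshare(CLONE_NEWUSER) < 0) {
        perror("unshare(CLONE_NEWUSER)");   /* e.g. EPERM where unprivileged user namespaces are disabled */
        return 1;
    }
    /* Map the outside UID to 0 inside. (gid_map would additionally need
     * "deny" written to /proc/self/setgroups first, since Linux 3.19.) */
    snprintf(buf, sizeof buf, "0 %lu 1", outside_uid);
    if (parse_id_map_line(buf, &m) != 0) {
        fputs("constructed map line is invalid\n", stderr);
        return 1;
    }
    rc = write_id_map(getpid(), "uid_map", &m);
    if (rc < 0) {
        fprintf(stderr, "uid_map: %s\n", strerror(-rc));
        return 1;
    }
    printf("euid inside the new namespace: %lu\n", (unsigned long)geteuid());
    rc = write_id_map(getpid(), "uid_map", &m);  /* second write is refused */
    printf("second write: %s\n", rc < 0 ? strerror(-rc) : "unexpectedly succeeded");
    return 0;
}
```

Run it as an ordinary user on a kernel that allows unprivileged user namespaces: the first write succeeds because the opener created the namespace, `geteuid()` then reports 0, and the second write fails with EPERM. Run as a process that does not hold CAP_SETUID in the target's user namespace (for example against another user's `/proc/[pid]/uid_map`), and `open()` or `write()` fails, which is the restriction the man-page sentence describes.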