[Bug 82531] Nondumpable processes that are sandboxed with CLONE_NEWUSER can be ptraced from outside.

https://bugzilla.kernel.org/show_bug.cgi?id=82531

Jann Horn <jann+kernelbugzilla@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jann+kernelbugzilla@thejh.n
                   |                            |et

--- Comment #5 from Jann Horn <jann+kernelbugzilla@xxxxxxxxx> ---
This is documented. See user_namespaces.7:

       3. When a user namespace is created, the kernel records the effective
          user ID of the creating process as being the "owner" of the
          namespace.  A process that resides in the parent of the user
          namespace and whose effective user ID matches the owner of the
          namespace has all capabilities in the namespace.

So, a process outside the namespace with the same EUID as the process that
moved itself into a new namespace has CAP_SYS_PTRACE inside the namespace. And
as capabilities.7 documents:

       CAP_SYS_PTRACE
              *  Trace arbitrary processes using ptrace(2);

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
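The scenario Jann describes can be exercised directly. The program below is an added example, not code from the bug report or from Jann: a child process marks itself nondumpable with prctl(PR_SET_DUMPABLE, 0), moves into a fresh user namespace with unshare(CLONE_NEWUSER), and then waits; the parent, which stays in the original namespace with the same EUID, attempts PTRACE_ATTACH and reports what happened. The function names, the pipe-based readiness protocol and the result codes are this example's own. Whether the attach succeeds depends on the kernel version (the ptrace permission checks around user namespace ownership were revised in kernels after this 2014 report), on Yama's ptrace_scope, on any seccomp filter, and on whether the caller is root (root attaches regardless), so the program classifies and prints the observed outcome rather than assuming one.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome codes for the experiment (names are this example's own). */
enum userns_ptrace_result {
    USERNS_PTRACE_ATTACHED  = 0, /* outside process attached to the sandboxed child */
    USERNS_PTRACE_REFUSED   = 1, /* PTRACE_ATTACH failed; errno reported via err_out */
    USERNS_PTRACE_NO_USERNS = 2, /* unshare(CLONE_NEWUSER) not permitted here */
    USERNS_PTRACE_ERROR     = -1 /* setup failure unrelated to the question */
};

/* Child side: become nondumpable, enter a new user namespace, then tell the
 * parent over the pipe how that went ('1' = sandboxed, 'n' = no user
 * namespaces available, 'e' = other failure) and wait to be inspected. */
static void child_sandbox(int report_fd)
{
    char status = '1';

    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        status = 'e';
    else if (unshare(CLONE_NEWUSER) != 0)
        status = (errno == EPERM || errno == EINVAL || errno == ENOSYS ||
                  errno == EUSERS || errno == ENOSPC) ? 'n' : 'e';

    (void)!write(report_fd, &status, 1);
    close(report_fd);
    for (;;)
        pause(); /* interruptible, so a SIGSTOP from PTRACE_ATTACH stops us */
}

/* Parent side: fork the sandboxed child, wait for it to report, then try to
 * attach from outside the child's user namespace with the same EUID. */
enum userns_ptrace_result probe_userns_ptrace(int *err_out)
{
    int fds[2];
    if (pipe(fds) != 0)
        return USERNS_PTRACE_ERROR;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return USERNS_PTRACE_ERROR;
    }
    if (pid == 0) {
        close(fds[0]);
        child_sandbox(fds[1]);
        _exit(127);
    }
    close(fds[1]);

    char status = 'e';
    ssize_t n = read(fds[0], &status, 1);
    close(fds[0]);

    enum userns_ptrace_result r = USERNS_PTRACE_ERROR;
    if (n == 1 && status == 'n') {
        r = USERNS_PTRACE_NO_USERNS;
    } else if (n == 1 && status == '1') {
        if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0) {
            int st;
            waitpid(pid, &st, 0); /* child enters ptrace-stop on SIGSTOP */
            ptrace(PTRACE_DETACH, pid, NULL, NULL);
            r = USERNS_PTRACE_ATTACHED;
        } else {
            if (err_out)
                *err_out = errno;
            r = USERNS_PTRACE_REFUSED;
        }
    }

    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return r;
}

int main(void)
{
    int err = 0;
    enum userns_ptrace_result r = probe_userns_ptrace(&err);

    switch (r) {
    case USERNS_PTRACE_ATTACHED:
        puts("attached: same-EUID process outside the user namespace can ptrace "
             "the nondumpable child (the behaviour the bug report describes)");
        break;
    case USERNS_PTRACE_REFUSED:
        printf("refused: PTRACE_ATTACH failed with %s (kernel check, Yama "
               "ptrace_scope or seccomp)\n", strerror(err));
        break;
    case USERNS_PTRACE_NO_USERNS:
        puts("skipped: unshare(CLONE_NEWUSER) is not permitted in this environment");
        break;
    default:
        puts("error: could not set up the experiment");
    }
    return r == USERNS_PTRACE_ERROR ? 1 : 0;
}
```

Run it as an unprivileged user to reproduce the report's conditions; as root the attach succeeds for the unrelated reason that root holds CAP_SYS_PTRACE in the initial namespace, so a result of "attached" under root says nothing about the namespace-owner rule quoted above.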
