Ben Hutchings <ben@xxxxxxxxxxxxxxx> writes:

> On Wed, 2016-11-23 at 03:04 +0100, Thomas Deutschmann wrote:
>> Hi,
>>
>> the following patch was backported to the following LTS kernels
>>
>> - >=3.16.35
>> - >=3.12.33
>> - >=3.10.60
>> - >=3.4.106
>>
>>
>> however it is missing from LTS kernels
>>
>> - linux-3.2
> [...]
>
> pivot_root() is only available with CAP_SYS_ADMIN, and 3.2 doesn't
> support capabilities in user namespaces. So I don't believe this has
> any security impact.

Agreed. It will prevent root shooting themselves in the foot, in a way
that should never have been allowed. There is no danger of an
unprivileged user triggering this.

If the patch applies cleanly to 3.2 it won't hurt and may help. But for
3.2 it would be just an ordinary bug fix.

Eric