Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to preventexecve from granting privs
From: Andrew Morton
Date: Fri Apr 06 2012 - 15:49:29 EST
On Thu, 29 Mar 2012 15:01:46 -0500
Will Drewry <wad@xxxxxxxxxxxx> wrote:
> From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
>
> With this set, a lot of dangerous operations (chroot, unshare, etc)
> become a lot less dangerous because there is no possibility of
> subverting privileged binaries.
>
> This patch completely breaks apparmor. Someone who understands (and
> uses) apparmor should fix it or at least give me a hint.
So [patch 2/15] fixes all this up?
I guess we should join the two patches into one, to avoid a silly
breakage window. That means that John loses a brownie point, but we
can mention him in the changelog, include his signed-off-by:
> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Several of these patches are missing your signed-off-by:. They should
all have your SOB, because you sent them.
Documentation/SubmittingPatches explains this.
I'm trying to find a way to merge all this code without reviewing it ;)
Alas, this is against my rules. Given the length of time for which
this patchset has been floating around, I'm a little surprised by the
lack of acked-by's and reviewed-by's. Have you been gathering them all
up? Are the networking guys all happy about this patchset?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/