Re: [PATCH 0/2] userns: Creation logic fixes

From: Kees Cook
Date: Wed Aug 12 2015 - 02:29:32 EST

On Tue, Aug 11, 2015 at 6:22 PM, Eric W. Biederman
<ebiederm@xxxxxxxxxxxx> wrote:
> So I have taken a good hard stare at the problem, as well as sitting down
> and writing some test code to verify the code works the way I think it
> does.
> The following two patches are how I think this bit of chaos needs to be
> solved. If folks could take a once over these patches and possibly test
> them to confirm they fix your issues I would appreciate it.
>
> Eric W. Biederman (2):
>   unshare: Unsharing a thread does not require unsharing a vm
>   userns,pidns: Force thread group sharing, not signal handler sharing.
>
>  kernel/fork.c           | 32 ++++++++++++++++++--------------
>  kernel/user_namespace.c |  4 ++--
>  2 files changed, 20 insertions(+), 16 deletions(-)

Thanks for digging into this!

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>


Kees Cook
Chrome OS Security