Re: different capability from different namespace required for prctl_set_mm_exe_file

From: Cyrill Gorcunov
Date: Tue Sep 25 2018 - 14:54:46 EST

Next message: Song Liu: "Re: [PATCH v2 bpf-next 03/10] bpf: introduce per-cpu cgroup local storage"
Previous message: Matthias Kaehlcke: "[PATCH v3 2/2] device property: Add device_get_bd_address() and fwnode_get_bd_address()"
In reply to: Greg KH: "Re: different capability from different namespace required for prctl_set_mm_exe_file"
Next in thread: TongZhang: "Re: different capability from different namespace required for prctl_set_mm_exe_file"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 25, 2018 at 08:40:54PM +0200, Greg KH wrote:
> >
> > It is done this way on purpose. The prctl_set_mm_map is a complex call
> > which carries a bunch of parameters and allowed if you're inside user-ns admin,
> > in turn prctl_set_mm allows to modify settings one by one. So no, it is not
> > an error but rather call specifics.
>
> I was hoping that when the submitter went to create such a patch, they
> would have realized that. You learn more when trying to fix a problem
> than when someone has to tell you the answers :)

True :) Next time I'll wait a couple of days.

Next message: Song Liu: "Re: [PATCH v2 bpf-next 03/10] bpf: introduce per-cpu cgroup local storage"
Previous message: Matthias Kaehlcke: "[PATCH v3 2/2] device property: Add device_get_bd_address() and fwnode_get_bd_address()"
In reply to: Greg KH: "Re: different capability from different namespace required for prctl_set_mm_exe_file"
Next in thread: TongZhang: "Re: different capability from different namespace required for prctl_set_mm_exe_file"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]