Allowing mapping supplemental groups in user namespace?

From: Dmitry Torokhov
Date: Thu Feb 28 2019 - 14:27:56 EST

Next message: kbuild test robot: "Re: [PATCH v2] appletalk: Fix use-after-free in atalk_proc_exit"
Previous message: Gustavo A. R. Silva: "[PATCH v2] x86/syscalls: Mark expected switch fall-throughs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Eric,

Currently, unless caller has CAP_SETGID in parent namespace, we can
only map effective group id in the new user namespace. Would it be
possible to relax this rule to also allow mapping of supplemental
groups (1:1) of the caller?

Thanks.

--
Dmitry

Next message: kbuild test robot: "Re: [PATCH v2] appletalk: Fix use-after-free in atalk_proc_exit"
Previous message: Gustavo A. R. Silva: "[PATCH v2] x86/syscalls: Mark expected switch fall-throughs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]