Re: [PATCH 0/3] Introduce user namespace capabilities

From: Ben Boeckel
Date: Thu May 16 2024 - 09:32:30 EST

Next message: Doug Anderson: "Re: [PATCH v8 0/6] Break out as separate driver and add BOE nv110wum-l60 IVO t109nw41 MIPI-DSI panel"
Previous message: Lukas Hruska: "[PATCH v2 6/6] selftests: livepatch: Test livepatching function using an external symbol"
In reply to: Jarkko Sakkinen: "Re: [PATCH 3/3] capabilities: add cap userns sysctl mask"
Next in thread: Jarkko Sakkinen: "Re: [PATCH 0/3] Introduce user namespace capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 16, 2024 at 02:22:02 -0700, Jonathan Calmels wrote:
> Jonathan Calmels (3):
> capabilities: user namespace capabilities
> capabilities: add securebit for strict userns caps
> capabilities: add cap userns sysctl mask
>
> fs/proc/array.c | 9 ++++
> include/linux/cred.h | 3 ++
> include/linux/securebits.h | 1 +
> include/linux/user_namespace.h | 7 +++
> include/uapi/linux/prctl.h | 7 +++
> include/uapi/linux/securebits.h | 11 ++++-
> kernel/cred.c | 3 ++
> kernel/sysctl.c | 10 ++++
> kernel/umh.c | 16 +++++++
> kernel/user_namespace.c | 83 ++++++++++++++++++++++++++++++---
> security/commoncap.c | 59 +++++++++++++++++++++++
> security/keys/process_keys.c | 3 ++
> 12 files changed, 204 insertions(+), 8 deletions(-)

I note a lack of any changes to `Documentation/` which seems quite
glaring for something with such a userspace visibility aspect to it.

--Ben

Next message: Doug Anderson: "Re: [PATCH v8 0/6] Break out as separate driver and add BOE nv110wum-l60 IVO t109nw41 MIPI-DSI panel"
Previous message: Lukas Hruska: "[PATCH v2 6/6] selftests: livepatch: Test livepatching function using an external symbol"
In reply to: Jarkko Sakkinen: "Re: [PATCH 3/3] capabilities: add cap userns sysctl mask"
Next in thread: Jarkko Sakkinen: "Re: [PATCH 0/3] Introduce user namespace capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]