Re: [PATCH 0/3] Introduce user namespace capabilities
From: Jarkko Sakkinen
Date: Thu May 16 2024 - 09:36:24 EST
On Thu May 16, 2024 at 4:30 PM EEST, Ben Boeckel wrote:
> On Thu, May 16, 2024 at 02:22:02 -0700, Jonathan Calmels wrote:
> > Jonathan Calmels (3):
> > capabilities: user namespace capabilities
> > capabilities: add securebit for strict userns caps
> > capabilities: add cap userns sysctl mask
> >
> > fs/proc/array.c | 9 ++++
> > include/linux/cred.h | 3 ++
> > include/linux/securebits.h | 1 +
> > include/linux/user_namespace.h | 7 +++
> > include/uapi/linux/prctl.h | 7 +++
> > include/uapi/linux/securebits.h | 11 ++++-
> > kernel/cred.c | 3 ++
> > kernel/sysctl.c | 10 ++++
> > kernel/umh.c | 16 +++++++
> > kernel/user_namespace.c | 83 ++++++++++++++++++++++++++++++---
> > security/commoncap.c | 59 +++++++++++++++++++++++
> > security/keys/process_keys.c | 3 ++
> > 12 files changed, 204 insertions(+), 8 deletions(-)
>
> I note a lack of any changes to `Documentation/` which seems quite
> glaring for something with such a userspace visibility aspect to it.
>
> --Ben
Yeah, also in cover letter it would be nice to refresh what is
a bounding set. I had to xref that (recalled what it is), and
then got bored reading the rest :-)
Not exactly in the nutshell cover letter tbh, but maybe the
content in that would be better put to Documentation/
BR, Jarkko