Re: [PATCH 1/3] capabilities: user namespace capabilities

From: Eric W. Biederman
Date: Fri May 17 2024 - 08:13:31 EST

Next message: Juergen Gross: "[PATCH] x86/kvm/tdx: Save %rbp in TDX_MODULE_CALL"
Previous message: Michael Ellerman: "[GIT PULL] Please pull powerpc/linux.git powerpc-6.10-1 tag"
In reply to: Jonathan Calmels: "Re: [PATCH 1/3] capabilities: user namespace capabilities"
Next in thread: Jonathan Calmels: "Re: [PATCH 1/3] capabilities: user namespace capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jonathan Calmels <jcalmels@xxxxxxxx> writes:

> Attackers often rely on user namespaces to get elevated (yet confined)
> privileges in order to target specific subsystems (e.g. [1]). Distributions
> have been pretty adamant that they need a way to configure these, most of
> them carry out-of-tree patches to do so, or plainly refuse to enable
> them.

Pointers please?

That sentence sounds about 5 years out of date.

Eric

Next message: Juergen Gross: "[PATCH] x86/kvm/tdx: Save %rbp in TDX_MODULE_CALL"
Previous message: Michael Ellerman: "[GIT PULL] Please pull powerpc/linux.git powerpc-6.10-1 tag"
In reply to: Jonathan Calmels: "Re: [PATCH 1/3] capabilities: user namespace capabilities"
Next in thread: Jonathan Calmels: "Re: [PATCH 1/3] capabilities: user namespace capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]