Re: [PATCH 5/9] Allow ptrace from non-init user namespaces

From: Daniel Lezcano
Date: Sat Feb 19 2011 - 12:50:13 EST


On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:
ptrace is allowed to tasks in the same user namespace according to
the usual rules (i.e. the same rules as for two tasks in the init
user namespace). ptrace is also allowed to a user namespace to
which the current task has the CAP_SYS_PTRACE capability.

Changelog:
Dec 31: Address feedback by Eric:
. Correct ptrace uid check
. Rename may_ptrace_ns to ptrace_capable
. Also fix the cap_ptrace checks.
Jan 1: Use const cred struct
Jan 11: use task_ns_capable() in place of ptrace_capable().

Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
Acked-by: Daniel Lezcano <daniel.lezcano@xxxxxxx>
