Re: Allowing mapping supplemental groups in user namespace?

From: Serge E. Hallyn
Date: Thu Mar 28 2019 - 14:05:06 EST

Next message: Gustavo A. R. Silva: "[PATCH][next] iavf: use struct_size() in kzalloc()"
Previous message: Martin Blumenstingl: "Re: 32-bit Amlogic (ARM) SoC: kernel BUG in kfree()"
Next in thread: Dmitry Torokhov: "Re: Allowing mapping supplemental groups in user namespace?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 28, 2019 at 11:27:38AM -0800, Dmitry Torokhov wrote:
> Hi Eric,
>
> Currently, unless caller has CAP_SETGID in parent namespace, we can
> only map effective group id in the new user namespace. Would it be
> possible to relax this rule to also allow mapping of supplemental
> groups (1:1) of the caller?
>
> Thanks.
>
> --
> Dmitry

Hi,

Is there a use case where adding those to /etc/subgid is onerous?
(There probably is, just would like to see yours)

thanks,
-serge

Next message: Gustavo A. R. Silva: "[PATCH][next] iavf: use struct_size() in kzalloc()"
Previous message: Martin Blumenstingl: "Re: 32-bit Amlogic (ARM) SoC: kernel BUG in kfree()"
Next in thread: Dmitry Torokhov: "Re: Allowing mapping supplemental groups in user namespace?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]