All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrew Lutomirski <luto@mit.edu>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Markus Gutschke <markus@chromium.org>,
	Will Drewry <wad@chromium.org>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	linux-security-module@vger.kernel.org,
	Al Viro <viro@zeniv.linux.org.uk>,
	linux-fsdevel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [REVIEW][PATCH 0/43] Completing the user namespace
Date: Tue, 10 Apr 2012 16:56:54 -0700	[thread overview]
Message-ID: <CAObL_7GFkNfQggDNZ+MicdeTe7duJY7cJJELHcb2-vxHHJkS_g@mail.gmail.com> (raw)
In-Reply-To: <m14nsrtady.fsf@fess.ebiederm.org>

On Tue, Apr 10, 2012 at 4:50 PM, Eric W. Biederman
<ebiederm@xmission.com> wrote:
> Andrew Lutomirski <luto@mit.edu> writes:
>
>> On Tue, Apr 10, 2012 at 2:59 PM, Eric W. Biederman
>> <ebiederm@xmission.com> wrote:
>>> Andy Lutomirski <luto@MIT.EDU> writes:
>>>
>>> My understanding of no_new_privs is that current_cred() including
>>> the user, the user namespace and the security label will never change,
>>> with the goal of making the security analysis simple.
>>
>> They can change but only if you already have the privilege to change
>> them yourself and then you do so.  For example, PR_SET_NO_NEW_PRIVS,
>> setuid, then drop caps is allowed and useful -- it's a race-free way
>> to make sure that a given uid never executes without no_new_privs set.
>>  I've implemented this as a pam module.
>
> Careful.  There is the security_task_fix_setuid call that will raise
> your capabilities from cap->effective to cap->permitted if you call
> setuid(0).  Which in the general case means you can regain all of the
> root privileges if you only have CAP_SETUID.
>

That's fine.  If you're running with CAP_SETUID and default
securebits, then you effectively have all capabilities already and
don't need to exploit setuid binaries to gain them.  no_new_privs
doesn't change that.  If you don't want to be able to gain all privs,
change securebits or drop CAP_SETUID.  seccomp reduces the kernel
attack surface; no_new_privs reduces the userspace attack surface.
But see below...


>
>>> I don't recall how seccomp filters are dealt with if you don't have
>>> no_new_privs enabled.  If seccomp filters installed by root
>>> are dropped when we change privilege levels it might be worth looking
>>> at how to keep a seccomp filter installed as long as you stay in
>>> a user namespace.
>>>
>>
>> They're not dropped.  I think in the current implementation they can't
>> be dropped at all.
>
> Which makes sense.   Is this why you need no_new_privs?  So you can't run
> seccomp on higher privileged executables and confusing them into keeping
> privileges when they should not?

Exactly.  seccomp is flexible enough that it's probably possible to
confuse many setuid executables with it.

>
>>> The emphasis is a bit different from new_new_privs as the user_namespace
>>> does not need to guarantee that the lsm will not change security labels,
>>> etc.
>>
>> Hmm.  Is this safe?  For example, if there's a program that LSM policy
>> grants extra privileges that malfunctions when run inside a user
>> namespace, can that be used to break out of LSM restrictions?
>
> I can't see how it would not be safe.
>
> Except for the user namespace pointer the state the LSM and the rest of
> the kernel sees is the same state the kernel sees.  Aka userspace sees
> uid 0, the LSM does not.  So I don't know why a LSM would get confused.
>
> Beyond that it is a bug for an LSM to grant permissions beyond the
> core DAC model.  So the worst I can see is an LSM not grokking user
> namespaces and getting confused and not restricting a process as
> much as the designer of the LSM would like.

Right.  Suppose you have some program that has extra restrictions
applied by an LSM.  It executes a helper (e.g. Apache's suidexec
thing, but I bet there are more examples) which is supposed to be very
careful not to leak privileges.  The LSM is set to restrict that
helper less than the parent process.  But that program was written
before user namespaces existed, and it has a bug (or missing feature)
that allows its parent to exploit it when run inside an unmapped user
namespace.  The parent can now escape from the LSM restrictions.

no_new_privs is designed to prevent exactly this issue.


>>
>> If a user namespace has no visible effect on processes that aren't
>> descendents of whoever created it, then creating one in no_new_privs
>> mode should be safe.  On the other hand, it could be somewhat useless.
>
> Creating a user namespace will allowing a process access to more kernel
> facilities.  Aka you can (or at least will be able to) create network
> namespaces and mount namespaces and the like.  That increases the
> surface of the kernel an attacker can hit.
>
> So in a perfect kernel there are no affects on others.  In a scenario
> where you are limiting how much of the kernel a user can use I think
> you would want that.
>
> Still given that you aren't doing the very restrictive current_cred()
> must not change I don't know how it matters, and a bpf based seccomp can
> pretty easily filter out new user namespace creation.  Shrug.

I'm not worried about that.  I'm more interested in whether
unprivileged user namespace creation should require nnp and/or whether
someone might want a mode in which a task is has nnp set but can
create a user namespace that allows setuid execution inside the
namespace in spite of the nnp setting.  The latter is probably rather
complicated to get right and depends on nonexistent filesystem
features.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

  reply	other threads:[~2012-04-10 23:56 UTC|newest]

Thread overview: 227+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-08  5:10 [REVIEW][PATCH 0/43] Completing the user namespace Eric W. Biederman
2012-04-08  5:10 ` Eric W. Biederman
2012-04-08  5:10 ` Eric W. Biederman
     [not found] ` <m11unyn70b.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-08  5:14   ` [PATCH 01/43] vfs: Don't allow a user namespace root to make device nodes "Eric W. Beiderman
2012-04-08  5:14     ` "Eric W. Beiderman
2012-04-08  5:14     ` "Eric W. Beiderman
2012-04-08  5:14   ` [PATCH 02/43] userns: Kill bogus declaration of function release_uids "Eric W. Beiderman
2012-04-08  5:14     ` "Eric W. Beiderman
2012-04-08  5:14     ` "Eric W. Beiderman
2012-04-08  5:14   ` [PATCH 03/43] userns: Replace netlink uses of cap_raised with capable "Eric W. Beiderman
2012-04-08  5:14     ` "Eric W. Beiderman
2012-04-08  5:14     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 04/43] userns: Remove unnecessary cast to struct user_struct when copying cred->user "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 05/43] cred: Add forward declaration of init_user_ns in all cases "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 06/43] userns: Use cred->user_ns instead of cred->user->user_ns "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 07/43] cred: Refcount the user_ns pointed to by the cred "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 08/43] userns: Add an explicit reference to the parent user namespace "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 09/43] mqueue: Explicitly capture the user namespace to send the notification to "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 10/43] userns: Deprecate and rename the user_namespace reference in the user_struct "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 11/43] userns: Start out with a full set of capabilities "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 12/43] userns: Replace the hard to write inode_userns with inode_capable "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 13/43] userns: Add kuid_t and kgid_t and associated infrastructure in uidgid.h "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 14/43] userns: Add a Kconfig option to enforce strict kuid and kgid type checks "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 15/43] userns: Disassociate user_struct from the user_namespace "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 16/43] userns: Simplify the user_namespace by making userns->creator a kuid "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-18 18:48     ` Serge E. Hallyn
     [not found]       ` <20120418184847.GA4984-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-20 22:58         ` Eric W. Biederman
2012-04-20 22:58       ` Eric W. Biederman
     [not found]         ` <m1aa266meh.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-24 17:33           ` Serge E. Hallyn
2012-04-24 17:33             ` Serge E. Hallyn
     [not found]             ` <20120424173347.GA14017-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-24 19:41               ` Eric W. Biederman
2012-04-24 19:41                 ` Eric W. Biederman
     [not found]                 ` <m14ns8lxyc.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-24 20:23                   ` Serge E. Hallyn
2012-04-24 20:23                     ` Serge E. Hallyn
2012-04-26  9:09                     ` Eric W. Biederman
     [not found]                       ` <m1ehradfl3.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-26 16:21                         ` Serge E. Hallyn
2012-04-26 16:21                           ` Serge E. Hallyn
     [not found]                     ` <20120424202301.GA11326-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-26  9:09                       ` Eric W. Biederman
     [not found]     ` <1333862139-31737-16-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:48       ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 17/43] userns: Rework the user_namespace adding uid/gid mapping support "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-17-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:49       ` Serge E. Hallyn
2012-04-18 18:49         ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 18/43] userns: Convert group_info values from gid_t to kgid_t "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-18-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:49       ` Serge E. Hallyn
2012-04-18 18:49     ` Serge E. Hallyn
     [not found]       ` <20120418184936.GC4984-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-20 23:05         ` Eric W. Biederman
2012-04-20 23:05           ` Eric W. Biederman
2012-04-08  5:15   ` [PATCH 19/43] userns: Store uid and gid values in struct cred with kuid_t and kgid_t types "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-18 18:49     ` Serge E. Hallyn
     [not found]     ` <1333862139-31737-19-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:49       ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 20/43] userns: Replace user_ns_map_uid and user_ns_map_gid with from_kuid and from_kgid "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-18 18:49     ` Serge E. Hallyn
     [not found]     ` <1333862139-31737-20-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:49       ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 21/43] userns: Convert sched_set_affinity and sched_set_scheduler's permission checks "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 22/43] userns: Convert capabilities related permsion checks "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-18 18:51     ` Serge E. Hallyn
     [not found]       ` <20120418185106.GG4984-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-20 23:18         ` Eric W. Biederman
2012-04-20 23:18           ` Eric W. Biederman
     [not found]     ` <1333862139-31737-22-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:51       ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 23/43] userns: Convert setting and getting uid and gid system calls to use kuid and kgid "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-23-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-26 16:20       ` Serge E. Hallyn
2012-04-26 16:20         ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 24/43] userns: Convert ptrace, kill, set_priority permission checks to work with kuids and kgids "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-24-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:56       ` Serge E. Hallyn
2012-04-18 18:56     ` Serge E. Hallyn
     [not found]       ` <20120418185610.GA5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-20 23:51         ` Eric W. Biederman
2012-04-20 23:51           ` Eric W. Biederman
2012-04-08  5:15   ` [PATCH 25/43] userns: Store uid and gid types in vfs structures with kuid_t and kgid_t types "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-18 18:57     ` Serge E. Hallyn
     [not found]     ` <1333862139-31737-25-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:57       ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 26/43] userns: Convert in_group_p and in_egroup_p to use kgid_t "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-18 18:58     ` Serge E. Hallyn
     [not found]     ` <1333862139-31737-26-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:58       ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 27/43] userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 28/43] userns: Convert user specfied uids and gids in chown into kuids and kgid "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-28-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:03       ` Serge E. Hallyn
2012-04-18 19:03         ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 29/43] userns: Convert stat to return values mapped from kuids and kgids "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-29-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:03       ` Serge E. Hallyn
2012-04-18 19:03     ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 30/43] userns: Fail exec for suid and sgid binaries with ids outside our user namespace "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-18 19:05     ` Serge E. Hallyn
     [not found]     ` <1333862139-31737-30-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:05       ` Serge E. Hallyn
2012-04-18 19:09       ` Serge E. Hallyn
2012-04-18 19:09     ` Serge E. Hallyn
     [not found]       ` <20120418190927.GK5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-24  2:28         ` Eric W. Biederman
2012-04-24  2:28           ` Eric W. Biederman
     [not found]           ` <m1ehrdrhgr.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-24 15:10             ` Serge Hallyn
2012-04-24 15:10               ` Serge Hallyn
2012-04-08  5:15   ` [PATCH 31/43] userns: Teach inode_capable to understand inodes whose uids map to other namespaces "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-31-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:06       ` Serge E. Hallyn
2012-04-18 19:06         ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 32/43] userns: signal remove unnecessary map_cred_ns "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-32-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:07       ` Serge E. Hallyn
2012-04-18 19:07     ` Serge E. Hallyn
2012-04-08  5:15   ` [PATCH 33/43] userns: Convert binary formats to use kuid/kgid where appropriate "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
     [not found]     ` <1333862139-31737-33-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:10       ` Serge E. Hallyn
2012-04-18 19:10     ` Serge E. Hallyn
2012-04-24  2:44       ` Eric W. Biederman
     [not found]       ` <20120418191033.GL5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-24  2:44         ` Eric W. Biederman
2012-04-08  5:15   ` [PATCH 34/43] userns: Convert devpts " "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 35/43] userns: Convert ext2 " "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15     ` "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 36/43] userns: Convert ext3 " "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 37/43] userns: Convert ext4 to user " "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 38/43] userns: Convert proc to use " "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 39/43] userns: Convert sysctl permission checks to use kuid and kgids "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 40/43] userns: Convert sysfs to use kgid/kuid where appropriate "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 41/43] userns: Convert tmpfs to use kuid and kgid " "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 42/43] userns: Convert cgroup permission checks to use uid_eq "Eric W. Beiderman
2012-04-08  5:15   ` [PATCH 43/43] userns: Convert the move_pages, and migrate_pages " "Eric W. Beiderman
2012-04-08 14:54   ` [REVIEW][PATCH 0/43] Completing the user namespace Serge Hallyn
2012-04-08 17:40   ` richard -rw- weinberger
2012-05-11 23:20   ` Please include user-namespace.git in linux-next Eric W. Biederman
2012-05-11 23:20     ` Eric W. Biederman
     [not found]     ` <m1likyz4mh.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-05-13 23:35       ` Stephen Rothwell
2012-05-13 23:35         ` Stephen Rothwell
2012-05-13 23:35         ` Stephen Rothwell
2012-05-21  2:25     ` Tetsuo Handa
2012-05-22 17:26       ` Eric W. Biederman
2012-04-08  5:15 ` [PATCH 21/43] userns: Convert sched_set_affinity and sched_set_scheduler's permission checks "Eric W. Beiderman
     [not found]   ` <1333862139-31737-21-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 18:50     ` Serge E. Hallyn
2012-04-18 18:50   ` Serge E. Hallyn
2012-04-08  5:15 ` [PATCH 27/43] userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs "Eric W. Beiderman
     [not found]   ` <1333862139-31737-27-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-04-18 19:02     ` Serge E. Hallyn
2012-04-18 19:02       ` Serge E. Hallyn
2012-04-21  0:05       ` Eric W. Biederman
     [not found]       ` <20120418190213.GD5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-21  0:05         ` Eric W. Biederman
2012-04-18 19:03     ` Serge E. Hallyn
2012-04-18 19:03       ` Serge E. Hallyn
     [not found]       ` <20120418190337.GE5186-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-21  0:58         ` Eric W. Biederman
2012-04-21  0:58           ` Eric W. Biederman
     [not found]           ` <m1sjfx2950.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-24 17:41             ` Serge E. Hallyn
2012-04-26  0:11             ` Serge E. Hallyn
2012-04-26  0:11               ` Serge E. Hallyn
     [not found]               ` <20120426001101.GA10308-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-04-26  5:33                 ` Eric W. Biederman
2012-04-26  5:33                   ` Eric W. Biederman
2012-04-24 17:41           ` Serge E. Hallyn
2012-04-08  5:15 ` [PATCH 36/43] userns: Convert ext3 to use kuid/kgid where appropriate "Eric W. Beiderman
2012-04-08  5:15 ` [PATCH 37/43] userns: Convert ext4 to user " "Eric W. Beiderman
2012-04-08  5:15 ` [PATCH 38/43] userns: Convert proc to use " "Eric W. Beiderman
2012-04-08  5:15 ` [PATCH 39/43] userns: Convert sysctl permission checks to use kuid and kgids "Eric W. Beiderman
2012-04-08  5:15 ` [PATCH 40/43] userns: Convert sysfs to use kgid/kuid where appropriate "Eric W. Beiderman
2012-04-08  5:15 ` [PATCH 41/43] userns: Convert tmpfs to use kuid and kgid " "Eric W. Beiderman
2012-04-08  5:15 ` [PATCH 42/43] userns: Convert cgroup permission checks to use uid_eq "Eric W. Beiderman
2012-04-08  5:15 ` [PATCH 43/43] userns: Convert the move_pages, and migrate_pages " "Eric W. Beiderman
2012-04-08 14:54 ` [REVIEW][PATCH 0/43] Completing the user namespace Serge Hallyn
2012-04-08 17:40 ` richard -rw- weinberger
2012-04-08 17:40   ` richard -rw- weinberger
     [not found]   ` <CAFLxGvwyx6S6+eZtR=UNSQe_O+W7oZW=GosseL54HGpjtYGXjg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-04-08 21:30     ` Eric W. Biederman
2012-04-08 21:30       ` Eric W. Biederman
     [not found]       ` <m1iph9ewsy.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2012-04-08 22:04         ` richard -rw- weinberger
2012-04-08 22:04           ` richard -rw- weinberger
2012-04-08 22:52           ` Eric W. Biederman
     [not found]           ` <CAFLxGvwHtA028V2XudM-5HXmXCPw5ENL5E_nHKZh_gbrsRV69g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-04-08 22:52             ` Eric W. Biederman
2012-04-10 19:01 ` Andy Lutomirski
2012-04-10 21:59   ` Eric W. Biederman
2012-04-10 22:15     ` Andrew Lutomirski
2012-04-10 23:01       ` Markus Gutschke
2012-04-11  0:04         ` Eric W. Biederman
2012-04-10 23:50       ` Eric W. Biederman
2012-04-10 23:56         ` Andrew Lutomirski [this message]
2012-04-11  1:01           ` Eric W. Biederman
2012-04-11  1:00             ` Andrew Lutomirski
2012-04-11  1:14               ` Eric W. Biederman
2012-04-11  1:22                 ` Andrew Lutomirski
2012-04-11  4:37                 ` Serge Hallyn
2012-04-11  4:33             ` Serge Hallyn
2012-04-11  4:16         ` Serge Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAObL_7GFkNfQggDNZ+MicdeTe7duJY7cJJELHcb2-vxHHJkS_g@mail.gmail.com \
    --to=luto@mit.edu \
    --cc=akpm@linux-foundation.org \
    --cc=ebiederm@xmission.com \
    --cc=gorcunov@openvz.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=markus@chromium.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=wad@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.