From: Tejun Heo <tj@kernel.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: John Stultz <john.stultz@linaro.org>,
lkml <linux-kernel@vger.kernel.org>,
Li Zefan <lizefan@huawei.com>, Jonathan Corbet <corbet@lwn.net>,
cgroups@vger.kernel.org,
Android Kernel Team <kernel-team@android.com>,
Rom Lemarchand <romlem@android.com>,
Colin Cross <ccross@android.com>,
Dmitry Shmidt <dimitrysh@google.com>,
Todd Kjos <tkjos@google.com>,
Christian Poetzsch <christian.potzsch@imgtec.com>,
Amit Pundir <amit.pundir@linaro.org>
Subject: Re: [RFC][PATCH 0/2] Another pass at Android style loosening of cgroup attach permissions
Date: Tue, 4 Oct 2016 16:33:01 -0400 [thread overview]
Message-ID: <20161004203301.GK4205@htj.duckdns.org> (raw)
In-Reply-To: <20161004201840.GA27018@mail.hallyn.com>
Hello, Serge.
On Tue, Oct 04, 2016 at 03:18:40PM -0500, Serge E. Hallyn wrote:
> how about changing the GLOBAL_ROOT_UID check with a targeted
> capability check, like
>
> if (!ns_capable(tcred->user_ns, CAP_SYS_NICE) &&
> !uid_eq(cred->euid, tcred->uid) &&
> !uid_eq(cred->euid, tcred->suid))
> ret = -EACCES;
>
> where the actual capability to use may require some thought.
Yeah, that's the direction I'm thinking too. We can't use
CAP_SYS_NICE in general tho. Let's see if a dedicated CAP sticks.
Thanks.
--
tejun
next prev parent reply other threads:[~2016-10-04 20:33 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-04 4:41 [RFC][PATCH 0/2] Another pass at Android style loosening of cgroup attach permissions John Stultz
2016-10-04 4:41 ` [PATCH 1/2] cgroup: Add generic cgroup subsystem permission checks John Stultz
2016-10-05 19:09 ` Dmitry Torokhov
2016-10-05 19:16 ` John Stultz
2016-10-05 19:23 ` Dmitry Torokhov
2016-10-04 4:41 ` [PATCH 2/2] cgroup: Add a allow_attach policy for Android John Stultz
2016-10-05 19:10 ` Dmitry Torokhov
2016-10-05 19:18 ` John Stultz
2016-10-06 22:43 ` Dmitry Torokhov
2016-10-06 22:52 ` Dmitry Torokhov
2016-10-04 16:16 ` [RFC][PATCH 0/2] Another pass at Android style loosening of cgroup attach permissions Tejun Heo
2016-10-04 18:01 ` John Stultz
2016-10-04 19:38 ` Tejun Heo
2016-10-04 19:46 ` John Stultz
2016-10-04 19:49 ` Tejun Heo
2016-10-04 20:18 ` Serge E. Hallyn
2016-10-04 20:33 ` Tejun Heo [this message]
2016-10-04 21:26 ` Serge E. Hallyn
2016-10-04 21:29 ` Tejun Heo
2016-10-04 18:03 ` John Stultz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161004203301.GK4205@htj.duckdns.org \
--to=tj@kernel.org \
--cc=amit.pundir@linaro.org \
--cc=ccross@android.com \
--cc=cgroups@vger.kernel.org \
--cc=christian.potzsch@imgtec.com \
--cc=corbet@lwn.net \
--cc=dimitrysh@google.com \
--cc=john.stultz@linaro.org \
--cc=kernel-team@android.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=romlem@android.com \
--cc=serge@hallyn.com \
--cc=tkjos@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).