* Capabilities are lost when creating a user namespace
@ 2020-05-24 12:32 Idan Yadgar
       [not found] ` <CAOGVgQEOwRZoPkXwGO1+voD4Z5sPhLs_Q7piTUy15LmwPsZh4A@mail.gmail.com>
  0 siblings, 1 reply; 2+ messages in thread
From: Idan Yadgar @ 2020-05-24 12:32 UTC (permalink / raw)
  To: dhowells; +Cc: gregkh, tglx, allison, armijn, linux-kernel

Hello,

A process which changes its user namespace (unshare or setns), or a
process that is created by clone with the CLONE_NEWUSER flag, has all
capabilities inside the new namespace, and loses all its capabilities
in the parent/previous user namespace.
This poses an issue because some operations require a capability in a
user namespace other than the current one for the process. The man
page states multiple times that a system call requires a capability in
the initial user namespace (for example, open_by_handle_at requires
CAP_DAC_READ_SEARCH in the initial user namespace), but this cannot
happen unless the process is owned by root, thus preventing
open_by_handle_at from being run inside a user namespace.

Solving this problem can be done by allowing (via prctl or any other
mechanism) a task to save its capabilities for a given user namespace,
even when it isn't a member in that namespace.

We would like to hear some thoughts about this issue and our proposed solution.

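The behaviour the message describes can be observed directly from user space. The following program is an added example and is not part of the mail thread: a forked child calls unshare(CLONE_NEWUSER), reads its effective capability set with capget(2), and then calls sethostname(2). sethostname is used instead of the message's open_by_handle_at example because it needs no filesystem handle support and touches nothing (it re-sets the hostname the process already has); the relevant point is the same, since the UTS namespace is owned by the initial user namespace and the check is made there. The new namespace reports a full capability set, yet the call fails with EPERM. It assumes Linux and a compiler with the uapi header linux/capability.h; the result codes, function names and the "unsupported" fallback for sandboxes that forbid unprivileged user namespaces are this example's own.

```c
/* Added demonstration, not code from the thread: a process that enters a new
 * user namespace holds every capability there (capget reports them), but an
 * operation checked against the initial user namespace still fails. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/capability.h>

enum ns_demo_result {
    NS_DEMO_OK = 0,          /* full caps in new ns, EPERM in the parent-owned UTS ns */
    NS_DEMO_UNSUPPORTED = 1, /* unprivileged user namespaces not available here */
    NS_DEMO_UNEXPECTED = 2,  /* kernel behaved differently from the description */
};

/* Read the effective capability words (CAP_* 0..63) of the calling thread. */
static int read_effective_caps(unsigned int eff[2])
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    eff[0] = data[0].effective;
    eff[1] = data[1].effective;
    return 0;
}

/* True if capability number `cap` is set in a two-word effective set. */
int cap_in_effective(const unsigned int eff[2], int cap)
{
    return (eff[CAP_TO_INDEX(cap)] & CAP_TO_MASK(cap)) != 0;
}

/* Runs inside the forked child; exits with an ns_demo_result, never returns. */
static void child_experiment(void)
{
    unsigned int eff[2];
    char host[256];

    if (unshare(CLONE_NEWUSER) != 0) {
        int e = errno;
        _exit(e == EPERM || e == EACCES || e == EINVAL || e == ENOSYS
              ? NS_DEMO_UNSUPPORTED : NS_DEMO_UNEXPECTED);
    }
    /* In the new user namespace capget(2) reports a full capability set. */
    if (read_effective_caps(eff) != 0 || !cap_in_effective(eff, CAP_SYS_ADMIN))
        _exit(NS_DEMO_UNEXPECTED);

    /* Re-setting the current hostname would change nothing even if allowed;
     * it is refused because the UTS namespace we are still in is owned by the
     * initial user namespace, where this process now has no capabilities. */
    if (gethostname(host, sizeof host) != 0)
        _exit(NS_DEMO_UNEXPECTED);
    if (sethostname(host, strlen(host)) == 0 || errno != EPERM)
        _exit(NS_DEMO_UNEXPECTED);
    _exit(NS_DEMO_OK);
}

/* Forks, runs the experiment in the child (so the caller stays in its own
 * user namespace), and returns the child's ns_demo_result. */
int run_userns_demo(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return NS_DEMO_UNEXPECTED;
    if (pid == 0)
        child_experiment();
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return NS_DEMO_UNEXPECTED;
    return WEXITSTATUS(status);
}

int main(void)
{
    static const char *names[] = {
        "full caps in new ns, EPERM in parent-owned UTS ns",
        "unprivileged user namespaces unavailable",
        "unexpected kernel behaviour",
    };
    int r = run_userns_demo();
    printf("%s\n", names[r]);
    return r == NS_DEMO_UNEXPECTED;
}
```

Build with `gcc -Wall -o userns_demo userns_demo.c` and run as an unprivileged user. On a kernel that allows unprivileged user namespaces the program prints the first message; where a sandbox or sysctl forbids them, unshare fails with EPERM and the program reports that rather than a false result.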

* Re: Capabilities are lost when creating a user namespace
       [not found] ` <CAOGVgQEOwRZoPkXwGO1+voD4Z5sPhLs_Q7piTUy15LmwPsZh4A@mail.gmail.com>
@ 2020-06-04  5:58   ` Idan Yadgar
  0 siblings, 0 replies; 2+ messages in thread
From: Idan Yadgar @ 2020-06-04  5:58 UTC (permalink / raw)
  To: dhowells; +Cc: gregkh, tglx, allison, armijn, linux-kernel

Hello, sorry for duplicating the previous email, forgot to send it to
the mailing lists as well.
Did you miss my email?

Idan Yadgar.

On Fri, May 29, 2020 at 5:48 PM Idan Yadgar <idanyadgar@gmail.com> wrote:
>
> Hello, did you miss my mail?
>
> On Sun, May 24, 2020, 15:32, Idan Yadgar <idanyadgar@gmail.com> wrote:
>>
>> Hello,
>>
>> A process which changes its user namespace (unshare or setns), or a
>> process that is created by clone with the CLONE_NEWUSER flag, has all
>> capabilities inside the new namespace, and loses all its capabilities
>> in the parent/previous user namespace.
>> This poses an issue because some operations require a capability in a
>> user namespace other than the current one for the process. The man
>> page states multiple times that a system call requires a capability in
>> the initial user namespace (for example, open_by_handle_at requires
>> CAP_DAC_READ_SEARCH in the initial user namespace), but this cannot
>> happen unless the process is owned by root, thus preventing
>> open_by_handle_at from being run inside a user namespace.
>>
>> Solving this problem can be done by allowing (via prctl or any other
>> mechanism) a task to save its capabilities for a given user namespace,
>> even when it isn't a member in that namespace.
>>
>> We would like to hear some thoughts about this issue and our proposed solution.

