Jann Horn | 656d6e6f6d | userns: move user access out of the mutex | 6 years ago
Eric W. Biederman | a2b426267c | userns,pidns: Verify the userns for new pid namespaces | 7 years ago
Ingo Molnar | 3f07c01441 | sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> | 7 years ago
Eric W. Biederman | 7872559664 | Merge branch 'nsfs-ioctls' into HEAD | 8 years ago
Andrey Vagin | a7306ed8d9 | nsfs: add ioctl to get a parent namespace | 8 years ago
Andrey Vagin | bcac25a58b | kernel: add a helper to get an owning user namespace for a namespace | 8 years ago
Eric W. Biederman | df75e7748b | userns: When the per user per user namespace limit is reached return ENOSPC | 8 years ago
Eric W. Biederman | 25f9c0817c | userns: Generalize the user namespace count into ucount | 8 years ago
Eric W. Biederman | f6b2db1a3e | userns: Make the count of user namespaces per user | 8 years ago
Eric W. Biederman | b376c3e1b6 | userns: Add a limit on the number of user namespaces | 8 years ago
Eric W. Biederman | dbec28460a | userns: Add per user namespace sysctls. | 8 years ago
Eric W. Biederman | b032132c3c | userns: Free user namespaces in process context | 8 years ago
Seth Forshee | d07b846f62 | fs: Limit file caps to the user namespace of the super block | 9 years ago
Al Viro | 70f6cbb6f9 | kernel/*: switch to memdup_user_nul() | 9 years ago
Andy Lutomirski | 58319057b7 | capabilities: ambient capabilities | 9 years ago
Eric W. Biederman | faf00da544 | userns,pidns: Force thread group sharing, not signal handler sharing. | 9 years ago
Linus Torvalds | 87c31b39ab | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace | 10 years ago
Eric W. Biederman | 36476beac4 | userns; Correct the comment in map_write | 10 years ago
Eric W. Biederman | 66d2f338ee | userns: Allow setting gid_maps without privilege when setgroups is disabled | 10 years ago
Eric W. Biederman | 9cc46516dd | userns: Add a knob to disable setgroups on a per user namespace basis | 10 years ago
Eric W. Biederman | f0d62aec93 | userns: Rename id_map_mutex to userns_state_mutex | 10 years ago
Eric W. Biederman | f95d7918bd | userns: Only allow the creator of the userns unprivileged mappings | 10 years ago
Eric W. Biederman | 80dd00a237 | userns: Check euid no fsuid when establishing an unprivileged uid mapping | 10 years ago
Eric W. Biederman | be7c6dba23 | userns: Don't allow unprivileged creation of gid mappings | 10 years ago
Eric W. Biederman | 273d2c67c3 | userns: Don't allow setgroups until a gid mapping has been established | 10 years ago
Eric W. Biederman | 0542f17bf2 | userns: Document what the invariant required for safe unprivileged mappings. | 10 years ago
Al Viro | 33c429405a | copy address of proc_ns_ops into ns_common | 10 years ago
Al Viro | 6344c433a4 | new helpers: ns_alloc_inum/ns_free_inum | 10 years ago
Al Viro | 64964528b2 | make proc_ns_operations work with struct ns_common * instead of void * | 10 years ago
Al Viro | 3c04118461 | switch the rest of proc_ns_operations to working with &...->ns | 10 years ago