Google Git
Sign in
kernel / pub / scm / linux / kernel / git / kees / linux.git / refs/heads/nak/userns/sysctl-lock
commit0f19f1c20f842c13417b724e9beff40c7858e649[log] [tgz]
authorKees Cook <keescook@chromium.org>Fri Jan 22 14:06:58 2016 -0800
committerKees Cook <keescook@chromium.org>Sun Oct 02 21:57:04 2016 -0700
treecda6a37fd3162e36cd08e72fb8056e5373b9ddb4
parent89071615e676b9c1bab573ffb3f9235a725715fe [diff]
sysctl: allow CLONE_NEWUSER to be disabled

There continues to be many CONFIG_USER_NS related security exposures.
For admins running distro kernels with CONFIG_USER_NS, there is no way
to disable CLONE_NEWUSER. As many systems do not need CLONE_NEWUSER,
this provides a way for sysadmins to disable the feature.

Signed-off-by: Kees Cook <keescook@chromium.org>
3 files changed
tree: cda6a37fd3162e36cd08e72fb8056e5373b9ddb4
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitignore
  26. .mailmap
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS