Google Git
Sign in
kernel / pub / scm / linux / kernel / git / sergeh / linux-security / 11237e0f2da93f75f6b5bba64e89d273ebc3bb4f
commit11237e0f2da93f75f6b5bba64e89d273ebc3bb4f[log] [tgz]
authorSerge Hallyn <serge.hallyn@ubuntu.com>Mon Nov 23 09:43:54 2015 -0600
committerSerge Hallyn <serge.hallyn@ubuntu.com>Fri Nov 27 19:24:18 2015 -0600
tree61ca8b8192d2109ac6f19c5f78bf6b14184ccc36
parent3ad5d7e06a96d54a55acb5ab25938a06814605c8 [diff]
ns vfs caps: first stab

New format for file capabilities, supporting per-container
capabilities.  For now the capability must be written by
root on the host, but a new [gs]etfscap syscall would
support containers setting file capabilities for their
files, honored only in their own namespace.

File capabilities only work for containers which have a root
uid defined.  We may want to at least allow -1 uids to work
in all namespaces.

We may want to allow uid ranges on capabilities.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
4 files changed
tree: 61ca8b8192d2109ac6f19c5f78bf6b14184ccc36
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS