Google Git
Sign in
kernel / pub / scm / linux / kernel / git / sergeh / linux-security / refs/heads/2016-04-22/nsfscaps
commit1bed23943f4b03695c0aa49cc8a25405c30834df[log] [tgz]
authorSerge Hallyn <serge.hallyn@ubuntu.com>Tue Mar 01 00:09:35 2016 +0000
committerSerge Hallyn <serge.hallyn@ubuntu.com>Fri Apr 22 11:10:17 2016 -0500
treebd7b080e554715c7e06c64ccb1853e3022c3074b
parent5f44abd041c5f3be76d57579ab254d78e601315b [diff]
simplified security.nscapability xattr

This can only be set by root in his own namespace, and will
only be respected by namespaces with that same root kuid
mapped as root, or namespaces descended from it.

This allows a simple setxattr to work, allows tar/untar to
work, and allows us to tar in one namespace and untar in
another while preserving the capability, without risking
leaking privilege into a parent namespace.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
4 files changed
tree: bd7b080e554715c7e06c64ccb1853e3022c3074b
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS