[Devel] [PATCH rh7] user_ns: Enable USER_NS /proc/$pid/ns/user link
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Oct 8 01:55:04 PDT 2015
Andrey, please review.
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 10/06/2015 01:15 PM, Kirill Tkhai wrote:
> Since we use user_ns inside a CT, vzctl should have
> a possibility to enter a VE using its init_cred->user_ns.
>
> setns is allowed for tasks that are CAP_SYSADMIN in the ns,
> i.e. a task from a parent user_ns, but vice versa is not true.
> So this should be safe.
>
> Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
> ---
> fs/proc/namespaces.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
> index ec7e269..54bdc67 100644
> --- a/fs/proc/namespaces.c
> +++ b/fs/proc/namespaces.c
> @@ -28,8 +28,7 @@ static const struct proc_ns_operations *ns_entries[] = {
> #ifdef CONFIG_PID_NS
> &pidns_operations,
> #endif
> -/* Currently disabled in RHEL */
> -#if 0
> +#ifdef CONFIG_USER_NS
> &userns_operations,
> #endif
> &mntns_operations,
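
Review bot: The new `#ifdef CONFIG_USER_NS` guard around `&userns_operations` is a compile-time switch only, so the ns/user entry is added to ns_entries[] for every task, including tasks looked at from inside a CT, while the commit message argues safety only for the setns path that vzctl takes from the parent user_ns. Please state in the commit message that exposing the link inside the container was considered as well, not just entering from the host side. The hunk also drops the "Currently disabled in RHEL" comment without a replacement; a one-line comment at the same place saying the entry is enabled on purpose in this tree, and why, would keep a later rebase onto RHEL sources from silently restoring the `#if 0`.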