[Devel] [PATCH rh7] user_ns: Enable USER_NS /proc/$pid/ns/user link
Andrew Vagin
avagin at odin.com
Thu Oct 8 02:07:51 PDT 2015
On Tue, Oct 06, 2015 at 01:15:38PM +0300, Kirill Tkhai wrote:
> Since we use user_ns inside a CT, vzctl should have
> a possibility to enter a VE using its init_cred->user_ns.
>
> setns is allowed for tasks who are CAP_SYSADMIN in the ns,
> i.e. a task from a parent user_ns, but vice versa is not true.
> So this should be safe.
Acked-by: Kirill Tkhai <ktkhai at odin.com>
>
> Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
> ---
> fs/proc/namespaces.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
> index ec7e269..54bdc67 100644
> --- a/fs/proc/namespaces.c
> +++ b/fs/proc/namespaces.c
> @@ -28,8 +28,7 @@ static const struct proc_ns_operations *ns_entries[] = {
> #ifdef CONFIG_PID_NS
> &pidns_operations,
> #endif
> -/* Currently disabled in RHEL */
> -#if 0
> +#ifdef CONFIG_USER_NS
> &userns_operations,
> #endif
> &mntns_operations,
>
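Review bot: The switch from `#if 0` to `#ifdef CONFIG_USER_NS` around `&userns_operations` also deletes the "Currently disabled in RHEL" comment, and the changelog does not say why the entry was disabled or why that reason no longer applies. ns_entries[] is not container-specific, so with CONFIG_USER_NS set the user link is exposed for every task, not only on the vzctl enter path the description mentions, and the safety argument then rests entirely on the setns permission check. Suggest recording the original reason for the RHEL restriction in the commit message and keeping a short comment at this entry stating that entering through the link requires CAP_SYS_ADMIN in the target user_ns.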