[Devel] [PATCH rh7] user_ns: Enable USER_NS /proc/$pid/ns/user link

Andrey Wagin avagin at gmail.com
Thu Oct 8 02:18:56 PDT 2015


2015-10-08 12:07 GMT+03:00 Andrew Vagin <avagin at odin.com>:
> On Tue, Oct 06, 2015 at 01:15:38PM +0300, Kirill Tkhai wrote:
>> Since we use user_ns inside a CT, vzctl should have
>> a possibility to enter a VE using its init_cred->user_ns.
>>
>> setns is allowed for tasks who are CAP_SYSADMIN in the ns,
>> i.e. a task from a parent user_ns, but vice versa is not true.
>> So this should be safe.
>
> Acked-by: Kirill Tkhai <ktkhai at odin.com>

I mean Andrew Vagin <avagin at openvz.org> :)
>
>>
>> Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
>> ---
>>  fs/proc/namespaces.c |    3 +--
>>  1 file changed, 1 insertion(+), 2 deletions(-)
>>
>> diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
>> index ec7e269..54bdc67 100644
>> --- a/fs/proc/namespaces.c
>> +++ b/fs/proc/namespaces.c
>> @@ -28,8 +28,7 @@ static const struct proc_ns_operations *ns_entries[] = {
>>  #ifdef CONFIG_PID_NS
>>       &pidns_operations,
>>  #endif
>> -/* Currently disabled in RHEL */
>> -#if 0
>> +#ifdef CONFIG_USER_NS
>>       &userns_operations,
>>  #endif
>>       &mntns_operations,
>>
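Review bot: The "Currently disabled in RHEL" comment removed at the "#if 0" line goes away without the changelog saying why RHEL disabled the entry or why that reason no longer applies to rh7. The safety argument in the commit message rests entirely on the setns permission check (CAP_SYS_ADMIN in the target user_ns), which lives in the userns_operations install handler and is not touched or shown by this diff. Please confirm that check is present in this tree and say so in the changelog. Note also that switching to "#ifdef CONFIG_USER_NS" exposes the ns/user link for every task's /proc/$pid/ns directory, not only for the vzctl enter path, so the description should cover that wider visibility. The guard itself is consistent with the CONFIG_PID_NS block just above it.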
