FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-17 06:17:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
aa6d054e5c
linux/kernel
History
Eric W. Biederman aa6d054e5c userns: Add a more complete capability subset test to commit_creds 
When unsharing a user namespace we reduce our credentials to just what
can be done in that user namespace.  This is a subset of the credentials
we previously had.  Teach commit_creds to recognize this is a subset
of the credentials we have had before and don't clear the dumpability flag.

This allows an unprivileged  program to do:
unshare(CLONE_NEWUSER);
fd = open("/proc/self/uid_map", O_RDWR);

Where previously opening the uid_map writable would fail because
the the task had been made non-dumpable.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2012-12-14 18:36:26 -08:00
..
debug KGDB/KDB fixes and cleanups 2012-10-13 11:16:58 +09:00
events pidns: Use task_active_pid_ns where appropriate 2012-11-19 05:59:09 -08:00
gcov
irq irqdomain: augment add_simple() to allocate descs 2012-10-10 08:57:26 +02:00
power
sched userns: Kill task_user_ns 2012-11-20 04:17:44 -08:00
time Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-10-12 22:17:48 +09:00
trace Merge branch 'tip/perf/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace into perf/urgent 2012-10-21 19:53:34 +02:00
.gitignore
acct.c vfs: make path_openat take a struct filename pointer 2012-10-12 20:15:09 -04:00
async.c
audit_tree.c
audit_watch.c audit: optimize audit_compare_dname_path 2012-10-12 00:32:02 -04:00
audit.c fs: handle failed audit_log_start properly 2012-10-09 23:33:37 -04:00
audit.h audit: optimize audit_compare_dname_path 2012-10-12 00:32:02 -04:00
auditfilter.c audit: optimize audit_compare_dname_path 2012-10-12 00:32:02 -04:00
auditsc.c audit: make audit_inode take struct filename 2012-10-12 20:15:09 -04:00
backtracetest.c
bounds.c
capability.c
cgroup_freezer.c
cgroup.c pidns: Use task_active_pid_ns where appropriate 2012-11-19 05:59:09 -08:00
compat.c
configs.c
cpu_pm.c
cpu.c CPU hotplug, debug: detect imbalance between get_online_cpus() and put_online_cpus() 2012-10-09 16:22:15 +09:00
cpuset.c
crash_dump.c
cred.c userns: Add a more complete capability subset test to commit_creds 2012-12-14 18:36:26 -08:00
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c pidns: Wait in zap_pid_ns_processes until pid_ns->nr_hashed == 1 2012-11-19 05:59:12 -08:00
extable.c
fork.c userns: Implement unshare of the user namespace 2012-11-20 04:18:14 -08:00
freezer.c
futex_compat.c
futex.c
groups.c
hrtimer.c
hung_task.c
irq_work.c
itimer.c
jump_label.c
kallsyms.c
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kexec.c kdump: remove unneeded include 2012-10-06 03:05:19 +09:00
kfifo.c
kmod.c infrastructure for saner ret_from_kernel_thread semantics 2012-10-12 13:35:07 -04:00
kprobes.c
ksysfs.c
kthread.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-10-13 10:05:52 +09:00
latencytop.c
lglock.c
lockdep_internals.h
lockdep_proc.c
lockdep_states.h
lockdep.c
Makefile Makefile: Documentation for external tool should be correct 2012-10-25 16:00:53 -07:00
modsign_pubkey.c MODSIGN: Provide module signing public keys to the kernel 2012-10-10 20:01:22 +10:30
module_signing.c module_signing: fix printk format warning 2012-10-22 08:56:34 +03:00
module-internal.h MODSIGN: Move the magic string to the end of a module and eliminate the search 2012-10-19 17:30:40 -07:00
module.c MODSIGN: Move the magic string to the end of a module and eliminate the search 2012-10-19 17:30:40 -07:00
mutex-debug.c
mutex-debug.h
mutex.c
mutex.h
notifier.c
nsproxy.c userns: Implement unshare of the user namespace 2012-11-20 04:18:14 -08:00
padata.c
panic.c
params.c
pid_namespace.c userns: Require CAP_SYS_ADMIN for most uses of setns. 2012-12-14 16:12:03 -08:00
pid.c proc: Usable inode numbers for the namespace file descriptors. 2012-11-20 04:19:49 -08:00
posix-cpu-timers.c
posix-timers.c
printk.c printk: Fix scheduling-while-atomic problem in console_cpu_notify() 2012-10-16 18:17:44 -07:00
profile.c
ptrace.c userns: Kill task_user_ns 2012-11-20 04:17:44 -08:00
range.c
rcu.h
rcupdate.c
rcutiny_plugin.h
rcutiny.c
rcutorture.c
rcutree_plugin.h
rcutree_trace.c
rcutree.c rcu: Grace-period initialization excludes only RCU notifier 2012-10-08 09:06:38 -07:00
rcutree.h rcu: Grace-period initialization excludes only RCU notifier 2012-10-08 09:06:38 -07:00
relay.c
res_counter.c
resource.c kernel/resource.c: fix stack overflow in __reserve_region_with_split() 2012-10-06 03:05:31 +09:00
rtmutex_common.h
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c
rtmutex.c
rtmutex.h
rwsem.c
seccomp.c
semaphore.c
signal.c pidns: Use task_active_pid_ns where appropriate 2012-11-19 05:59:09 -08:00
smp.c
smpboot.c
smpboot.h
softirq.c
spinlock.c
srcu.c
stacktrace.c
stop_machine.c
sys_ni.c
sys.c use clamp_t in UNAME26 fix 2012-10-19 18:51:17 -07:00
sysctl_binary.c pidns: Use task_active_pid_ns where appropriate 2012-11-19 05:59:09 -08:00
sysctl.c Kconfig: clean up the "#if defined(arch)" list for exception-trace sysctl entry 2012-10-09 16:22:14 +09:00
task_work.c
taskstats.c taskstats: cgroupstats_user_cmd() may leak on error 2012-10-06 03:05:31 +09:00
test_kprobes.c
time.c
timeconst.pl
timer.c timers: Fix endless looping between cascade() and internal_add_timer() 2012-10-09 21:27:14 +02:00
tracepoint.c
tsacct.c
uid16.c
up.c
user_namespace.c proc: Usable inode numbers for the namespace file descriptors. 2012-11-20 04:19:49 -08:00
user-return-notifier.c
user.c proc: Usable inode numbers for the namespace file descriptors. 2012-11-20 04:19:49 -08:00
utsname_sysctl.c
utsname.c userns: Require CAP_SYS_ADMIN for most uses of setns. 2012-12-14 16:12:03 -08:00
wait.c
watchdog.c
workqueue_sched.h
workqueue.c workqueue: cancel_delayed_work() should return %false if work item is idle 2012-10-24 12:38:16 -07:00