Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Adrian Reber <areber@redhat.com>
Cc: "Christian Brauner" <christian.brauner@ubuntu.com>,
"Eric Biederman" <ebiederm@xmission.com>,
"Pavel Emelyanov" <ovzxemul@gmail.com>,
"Oleg Nesterov" <oleg@redhat.com>,
"Dmitry Safonov" <0x7f454c46@gmail.com>,
"Andrei Vagin" <avagin@gmail.com>,
"Nicolas Viennot" <Nicolas.Viennot@twosigma.com>,
"Michał Cłapiński" <mclapinski@google.com>,
"Kamil Yurtsever" <kyurtsever@google.com>,
"Dirk Petersen" <dipeit@gmail.com>,
"Christine Flood" <chf@redhat.com>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Mike Rapoport" <rppt@linux.ibm.com>,
"Radostin Stoyanov" <rstoyanov1@gmail.com>,
"Cyrill Gorcunov" <gorcunov@openvz.org>,
"Serge Hallyn" <serge@hallyn.com>,
"Stephen Smalley" <stephen.smalley.work@gmail.com>,
"Sargun Dhillon" <sargun@sargun.me>,
"Arnd Bergmann" <arnd@arndb.de>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, selinux@vger.kernel.org,
"Eric Paris" <eparis@parisplace.org>,
"Jann Horn" <jannh@google.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v5 0/6] capabilities: Introduce CAP_CHECKPOINT_RESTORE
Date: Fri, 17 Jul 2020 22:24:16 -0500 [thread overview]
Message-ID: <20200718032416.GC11982@mail.hallyn.com> (raw)
In-Reply-To: <20200715144954.1387760-1-areber@redhat.com>
On Wed, Jul 15, 2020 at 04:49:48PM +0200, Adrian Reber wrote:
> This is v5 of the 'Introduce CAP_CHECKPOINT_RESTORE' patchset. The
> changes to v4 are:
>
> * split into more patches to have the introduction of
> CAP_CHECKPOINT_RESTORE and the actual usage in different
> patches
> * reduce the /proc/self/exe patch to only be about
> CAP_CHECKPOINT_RESTORE
>
> Adrian Reber (5):
> capabilities: Introduce CAP_CHECKPOINT_RESTORE
> pid: use checkpoint_restore_ns_capable() for set_tid
> pid_namespace: use checkpoint_restore_ns_capable() for ns_last_pid
> proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE
> selftests: add clone3() CAP_CHECKPOINT_RESTORE test
>
> Nicolas Viennot (1):
> prctl: Allow checkpoint/restore capable processes to change exe link
(This is probably bad form, but) All
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Assuming you changes patches 4 and 6 per Christian's suggestions,
I'd like to re-review those then.
>
> fs/proc/base.c | 8 +-
> include/linux/capability.h | 6 +
> include/uapi/linux/capability.h | 9 +-
> kernel/pid.c | 2 +-
> kernel/pid_namespace.c | 2 +-
> kernel/sys.c | 12 +-
> security/selinux/include/classmap.h | 5 +-
> tools/testing/selftests/clone3/Makefile | 4 +-
> .../clone3/clone3_cap_checkpoint_restore.c | 203 ++++++++++++++++++
> 9 files changed, 236 insertions(+), 15 deletions(-)
> create mode 100644 tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c
>
>
> base-commit: d31958b30ea3b7b6e522d6bf449427748ad45822
> --
> 2.26.2
next prev parent reply other threads:[~2020-07-18 3:24 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 14:49 Adrian Reber
2020-07-15 14:49 ` [PATCH v5 1/6] " Adrian Reber
2020-07-15 15:06 ` Christian Brauner
2020-07-15 14:49 ` [PATCH v5 2/6] pid: use checkpoint_restore_ns_capable() for set_tid Adrian Reber
2020-07-15 15:08 ` Christian Brauner
2020-07-15 14:49 ` [PATCH v5 3/6] pid_namespace: use checkpoint_restore_ns_capable() for ns_last_pid Adrian Reber
2020-07-15 15:08 ` Christian Brauner
2020-07-15 14:49 ` [PATCH v5 4/6] proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE Adrian Reber
2020-07-15 21:17 ` Cyrill Gorcunov
2020-07-16 8:51 ` Christian Brauner
2020-07-15 14:49 ` [PATCH v5 5/6] prctl: Allow checkpoint/restore capable processes to change exe link Adrian Reber
2020-07-15 15:20 ` Christian Brauner
2020-07-15 15:49 ` Nicolas Viennot
2020-07-15 14:49 ` [PATCH v5 6/6] selftests: add clone3() CAP_CHECKPOINT_RESTORE test Adrian Reber
2020-07-15 15:24 ` Christian Brauner
2020-07-18 3:24 ` Serge E. Hallyn [this message]
2020-07-18 17:47 ` [PATCH v5 0/6] capabilities: Introduce CAP_CHECKPOINT_RESTORE Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200718032416.GC11982@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=0x7f454c46@gmail.com \
--cc=Nicolas.Viennot@twosigma.com \
--cc=areber@redhat.com \
--cc=arnd@arndb.de \
--cc=avagin@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=chf@redhat.com \
--cc=christian.brauner@ubuntu.com \
--cc=dipeit@gmail.com \
--cc=ebiederm@xmission.com \
--cc=eparis@parisplace.org \
--cc=gorcunov@openvz.org \
--cc=jannh@google.com \
--cc=kyurtsever@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mclapinski@google.com \
--cc=oleg@redhat.com \
--cc=ovzxemul@gmail.com \
--cc=rppt@linux.ibm.com \
--cc=rstoyanov1@gmail.com \
--cc=sargun@sargun.me \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--subject='Re: [PATCH v5 0/6] capabilities: Introduce CAP_CHECKPOINT_RESTORE' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).