LKML Archive on
help / color / mirror / Atom feed
From: Christian Brauner <>
To: Linus Torvalds <>
Subject: [GIT PULL] sys fixes
Date: Tue, 31 Aug 2021 12:03:26 +0200	[thread overview]
Message-ID: <> (raw)

Hi Linus,

/* Summary */
This contains a single fix to set_user() which aligns permission checks with
the corresponding fork() codepath. Noone involved in this could come up with a
reason for the difference. A capable caller can already circumvent the check
when they fork where the permission checks are already for the relevant
capabilities in addition to also allowing to exceed nproc when it is the init
user. Apply the same logic to set_user().

(In case any question come up I'll be on vacation next week so responding might
 take a while.)

/* Testing */
All patches are based on v5.14-rc5 and have been sitting in linux-next. No
build failures or warnings were observed. All old and new tests are passing.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current

The following changes since commit 36a21d51725af2ce0700c6ebcb6b9594aac658a6:

  Linux 5.14-rc5 (2021-08-08 13:49:31 -0700)

are available in the Git repository at: tags/kernel.sys.v5.15

for you to fetch changes up to 2863643fb8b92291a7e97ba46e342f1163595fa8:

  set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds (2021-08-12 14:54:25 +0200)

Please consider pulling these changes from the signed kernel.sys.v5.15 tag.



Ran Xiaokai (1):
      set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds

 kernel/sys.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

             reply	other threads:[~2021-08-31 10:03 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-31 10:03 Christian Brauner [this message]
2021-08-31 19:23 ` Linus Torvalds
2021-09-01  9:24   ` Christian Brauner
2021-08-31 19:52 ` pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \
    --subject='Re: [GIT PULL] sys fixes' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).