commit | 41c21e351e79004dbb4efa4bc14a53a7e0af38c5 | [log] [tgz] |
---|---|---|
author | Andy Lutomirski <luto@amacapital.net> | Sun Apr 14 11:44:04 2013 -0700 |
committer | Andy Lutomirski <luto@amacapital.net> | Sun Apr 14 18:11:32 2013 -0700 |
tree | 09f41257304634a6f2dcf48fd99504924a5344f1 | |
parent | e3211c120a85b792978bcb4be7b2886df18d27f0 [diff] |
userns: Changing any namespace id mappings should require privileges Changing uid/gid/projid mappings doesn't change your id within the namespace; it reconfigures the namespace. Unprivileged programs should *not* be able to write these files. (We're also checking the privileges on the wrong task.) Given the write-once nature of these files and the other security checks, this is likely impossible to usefully exploit. Signed-off-by: Andy Lutomirski <luto@amacapital.net>