diff options
| author | Serge E. Hallyn <[email protected]> | 2007-07-15 23:41:01 -0700 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2007-07-16 09:05:47 -0700 |
| commit | 77ec739d8d0979477fc91f530403805afa2581a4 (patch) | |
| tree | 0cefb80a7ff8d57a8f735954fdeb88e9efbaf05c /tools/perf/scripts/python | |
| parent | acce292c82d4d82d35553b928df2b0597c3a9c78 (diff) | |
user namespace: add unshare
This patch enables the unshare of user namespaces.
It adds a new clone flag CLONE_NEWUSER and implements copy_user_ns() which
resets the current user_struct and adds a new root user (uid == 0)
For now, unsharing the user namespace allows a process to reset its
user_struct accounting and uid 0 in the new user namespace should be contained
using appropriate means, for instance selinux
The plan, when the full support is complete (all uid checks covered), is to
keep the original user's rights in the original namespace, and let a process
become uid 0 in the new namespace, with full capabilities to the new
namespace.
Signed-off-by: Serge E. Hallyn <[email protected]>
Signed-off-by: Cedric Le Goater <[email protected]>
Acked-by: Pavel Emelianov <[email protected]>
Cc: Herbert Poetzl <[email protected]>
Cc: Kirill Korotaev <[email protected]>
Cc: Eric W. Biederman <[email protected]>
Cc: Chris Wright <[email protected]>
Cc: Stephen Smalley <[email protected]>
Cc: James Morris <[email protected]>
Cc: Andrew Morgan <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions