[ 3.8.y.z extended stable ] Patch "userns: unshare_userns(&cred) should not populate cred on failure" has been added to staging queue
Kamal Mostafa
kamal at canonical.com
Fri Aug 16 21:47:59 UTC 2013
On Fri, 2013-08-16 at 13:59 +0200, Oleg Nesterov wrote:
> On 08/15, Kamal Mostafa wrote:
> >
> > commit 6160968cee8b90a5dd95318d716e31d7775c4ef3 upstream.
> >
> > unshare_userns(new_cred) does *new_cred = prepare_creds() before
> > create_user_ns() which can fail. However, the caller expects that
> > it doesn't need to take care of new_cred if unshare_userns() fails.
>
> I'd also suggest you take the next commit, 8742f229b635b
> "userns: limit the maximum depth of user_namespace->parent chain".
> I forgot to cc -stable, sorry.
>
>
> As Andy pointed out, unshare_userns() has problems even if it succeeds.
>
> Oleg.
Thanks very much, Oleg. I'll queue up 8742f229b635b as well.
-Kamal
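
The failure mode described in the quoted commit message, as a small userspace C model added here; it is not the kernel source or the upstream patch. Function names follow the message, while the bodies, the static pool allocator and `leaked_by()` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model: names follow the commit message, bodies are stand-ins. */
struct cred { int usage; };
static struct cred pool[16];    /* hypothetical allocator, no heap involved */
static int next_slot;
static int live_creds;          /* creds handed out and not yet released */
static int fail_create_user_ns; /* knob: force create_user_ns() to fail */

static struct cred *prepare_creds(void) {
    if (next_slot == 16) return NULL;
    struct cred *c = &pool[next_slot++];
    c->usage = 1; live_creds++;
    return c;
}
static void put_cred(struct cred *c) {
    if (c && --c->usage == 0) live_creds--;
}
static int create_user_ns(struct cred *c) {
    (void)c;
    return fail_create_user_ns ? -ENOMEM : 0;
}
/* Before: *new_cred is written before the step that can fail. */
static int unshare_userns_before(struct cred **new_cred) {
    *new_cred = prepare_creds();
    if (!*new_cred) return -ENOMEM;
    return create_user_ns(*new_cred);
}
/* After: hand the cred to the caller only on success. */
static int unshare_userns_after(struct cred **new_cred) {
    struct cred *cred = prepare_creds();
    int err;
    if (!cred) return -ENOMEM;
    err = create_user_ns(cred);
    if (err) put_cred(cred);
    else *new_cred = cred;
    return err;
}
/* Caller as the commit message describes it: on failure it ignores new_cred. */
static int leaked_by(int (*unshare)(struct cred **), int fail) {
    struct cred *new_cred = NULL;
    int start = live_creds;
    fail_create_user_ns = fail;
    if (unshare(&new_cred) == 0)
        put_cred(new_cred);     /* success: caller owns and releases it */
    return live_creds - start;  /* creds still held after the call */
}
int main(void) {
    printf("before, failure: leaked %d\n", leaked_by(unshare_userns_before, 1));
    printf("after,  failure: leaked %d\n", leaked_by(unshare_userns_after, 1));
    return 0;
}
```
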