[lxc/lxc] 86c780: conf: handle kernels with CAP_SETFCAP

Stéphane Graber

May 6, 2021, 12:42:47 PM
to lxc-...@lists.linuxcontainers.org
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 86c780115a6ad14673f0b6b057219020b0523014
https://github.com/lxc/lxc/commit/86c780115a6ad14673f0b6b057219020b0523014
Author: Christian Brauner <christia...@ubuntu.com>
Date: 2021-05-06 (Thu, 06 May 2021)

Changed paths:
M src/lxc/conf.c

Log Message:
-----------
conf: handle kernels with CAP_SETFCAP

LXC is being very clever and sometimes maps the caller's uid into the
child userns. This means that the caller can technically write fscaps
that are valid in the ancestor userns (which can be a security issue in
some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
newuidmap/newgidmap are updated to account for this simply write the
mapping directly in this case.

Cc: stable-4.0
Signed-off-by: Christian Brauner <christia...@ubuntu.com>


Commit: ce86ae557a30fbdc505af611b2c215a22abac025
https://github.com/lxc/lxc/commit/ce86ae557a30fbdc505af611b2c215a22abac025
Author: Stéphane Graber <stgr...@ubuntu.com>
Date: 2021-05-06 (Thu, 06 May 2021)

Changed paths:
M src/lxc/conf.c

Log Message:
-----------
Merge pull request #3827 from brauner/2021-05-06.cap_setfcap

conf: handle kernels with CAP_SETFCAP


Compare: https://github.com/lxc/lxc/compare/78af4d9c908c...ce86ae557a30