Thread (25 messages) 25 messages, 7 authors, 2017-11-10

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

From: chris hyser <hidden>
Date: 2017-11-09 18:28:37
Also in: lkml, netdev 

On 11/09/2017 01:05 PM, Serge E. Hallyn wrote:
Would the existing capability bounding set not suffice for that?

The 'permanent' bounding set turns out to not be a good fit for
the problem being discussed in this thread, but please feel free
to start a new thread if you want to discuss your use case.
Sure. I will formulate something for a new thread. What seems to be 
asked for here is a way to globally patch the capability sets of a 
entire process subtree.

-chrish
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help