[PATCH 5/9] Allow ptrace from non-init user namespaces
daniel.lezcano at free.fr
Sat Feb 19 09:49:47 PST 2011
On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:
> ptrace is allowed to tasks in the same user namespace according to
> the usual rules (i.e. the same rules as for two tasks in the init
> user namespace). ptrace is also allowed to a user namespace to
> which the current task has the CAP_SYS_PTRACE capability.
> Dec 31: Address feedback by Eric:
> . Correct ptrace uid check
> . Rename may_ptrace_ns to ptrace_capable
> . Also fix the cap_ptrace checks.
> Jan 1: Use const cred struct
> Jan 11: use task_ns_capable() in place of ptrace_capable().
> Signed-off-by: Serge E. Hallyn <serge.hallyn at canonical.com>
Acked-by: Daniel Lezcano <daniel.lezcano at free.fr>