[PATCH] Forbid invocation of kexec_load() outside initial PID namespace

Eric W. Biederman ebiederm at xmission.com
Fri Aug 3 12:45:40 UTC 2012


The solution is to use user namespaces and to only test ns_capable on the magic reboot path.

For the 3.7 timeframe that should be a realistic solution.

Eric


More information about the Containers mailing list