Containers Archive mirror
fanotify sb/mount watch inside userns (Was: [PATCH RFC] : fhandle: relax open_by_handle_at() permission checks)
 2024-10-16 12:53 UTC 

CFP for the containers and checkpoint-restore micro-conference at LPC 2024 mailing/containers
 2024-09-13 10:39 UTC  (2+ messages)

[PATCH v2 0/4] Introduce user namespace capabilities
 2024-06-28 14:45 UTC  (32+ messages)
` [PATCH v2 1/4] capabilities: Add "
` [PATCH v2 2/4] capabilities: Add securebit to restrict userns caps
` [PATCH v2 3/4] capabilities: Add sysctl to mask off "
` [PATCH v2 4/4] bpf,lsm: Allow editing capabilities in BPF-LSM hooks

[PATCH 0/3] Introduce user namespace capabilities
 2024-05-31  7:43 UTC  (53+ messages)
` [PATCH 1/3] capabilities: "
` [PATCH 2/3] capabilities: add securebit for strict userns caps
` [PATCH 3/3] capabilities: add cap userns sysctl mask

[PATCH v1] sysctl: Allow change system v ipc sysctls inside ipc namespace
 2024-01-15 15:46 UTC  (22+ messages)
  ` [PATCH v1 1/3] "
        ` [PATCH v2 0/3] Allow to change ipc/mq "
          ` [PATCH v2 1/3] sysctl: Allow change system v ipc "
              ` [PATCH v3 0/3] Allow to change ipc/mq "
                ` [PATCH v3 1/3] sysctl: Allow change system v ipc "
                ` [PATCH v3 2/3] sysctl: Allow to change limits for posix messages queues
                ` [PATCH v3 3/3] docs: Add information about ipc sysctls limitations
                ` [RESEND PATCH v3 0/3] Allow to change ipc/mq sysctls inside ipc namespace
                  ` [RESEND PATCH v3 1/3] sysctl: Allow change system v ipc "
                  ` [RESEND PATCH v3 2/3] docs: Add information about ipc sysctls limitations
                  ` [RESEND PATCH v3 3/3] sysctl: Allow to change limits for posix messages queues
          ` [PATCH v2 2/3] "
          ` [PATCH v2 3/3] docs: Add information about ipc sysctls limitations
  ` [PATCH v1 2/3] sysctl: Allow to change limits for posix messages queues
  ` [PATCH v1 3/3] docs: Add information about ipc sysctls limitations

[PATCH] pid_ns: support pidns switching between sibling
 2023-10-14  4:21 UTC  (6+ messages)
  ` [External] "

[PATCH v1] ipc: Store mqueue sysctls in the ipc namespace
 2023-09-10 18:51 UTC  (8+ messages)
` [PATCH v2] "

[PATCH v2 1/2] binfmt_misc: cleanup on filesystem umount
 2023-07-14  8:41 UTC  (11+ messages)
` [PATCH v2 2/2] binfmt_misc: enable sandboxed mounts

[PATCH linux 0/3] [PATCH] userns: add sysctl "kernel.userns_group_range"
 2023-06-02 21:02 UTC  (13+ messages)
` [PATCH linux 3/3] "
` [PATCH linux 1/3] net/ipv4: split group_range logic to kernel/group_range.c
` [PATCH linux 2/3] group_range: allow GID from 2147483648 to 4294967294

[PATCH v15 00/26] ima: Namespace IMA with audit support in IMA-ns
 2023-02-10  0:39 UTC  (28+ messages)
` [PATCH v15 01/26] securityfs: rework dentry creation
` [PATCH v15 02/26] securityfs: Extend securityfs with namespacing support
` [PATCH v15 03/26] ima: Define ima_namespace struct and start moving variables into it
` [PATCH v15 04/26] ima: Move arch_policy_entry into ima_namespace
` [PATCH v15 05/26] ima: Move ima_htable "
` [PATCH v15 06/26] ima: Move measurement list related variables "
` [PATCH v15 07/26] ima: Move some IMA policy and filesystem "
` [PATCH v15 08/26] ima: Move IMA securityfs files into ima_namespace or onto stack
` [PATCH v15 09/26] ima: Move ima_lsm_policy_notifier into ima_namespace
` [PATCH v15 10/26] ima: Switch to lazy lsm policy updates for better performance
` [PATCH v15 11/26] ima: Define mac_admin_ns_capable() as a wrapper for ns_capable()
` [PATCH v15 12/26] ima: Only accept AUDIT rules for non-init_ima_ns namespaces for now
` [PATCH v15 13/26] userns: Add pointer to ima_namespace to user_namespace
` [PATCH v15 14/26] ima: Implement hierarchical processing of file accesses
` [PATCH v15 15/26] ima: Implement ima_free_policy_rules() for freeing of an ima_namespace
` [PATCH v15 16/26] ima: Add functions for creating and "
` [PATCH v15 17/26] integrity/ima: Define ns_status for storing namespaced iint data
` [PATCH v15 18/26] integrity: Add optional callback function to integrity_inode_free()
` [PATCH v15 19/26] ima: Namespace audit status flags
` [PATCH v15 20/26] ima: Remove unused iints from the integrity_iint_cache
` [PATCH v15 21/26] ima: Setup securityfs for IMA namespace
` [PATCH v15 22/26] ima: Introduce securityfs file to activate an "
` [PATCH v15 23/26] ima: Show owning user namespace's uid and gid when displaying policy
` [PATCH v15 24/26] ima: Limit number of policy rules in non-init_ima_ns
` [PATCH v15 25/26] ima: Restrict informational audit messages to init_ima_ns
` [PATCH v15 26/26] ima: Enable IMA namespaces

[RFC PATCH v1 0/6] proc: Add allowlist for procfs files
 2023-01-31 13:53 UTC  (15+ messages)
` [RFC PATCH v1 1/6] proc: Fix separator for subset option
` [RFC PATCH v1 2/6] proc: Add allowlist to control access to procfs files
` [RFC PATCH v1 3/6] proc: Check that subset= option has been set
` [RFC PATCH v1 4/6] proc: Allow to use the allowlist filter in userns
` [RFC PATCH v1 5/6] proc: Validate incoming allowlist
` [RFC PATCH v1 6/6] doc: proc: Add description of subset=allowlist

[PATCH v14 00/26] ima: Namespace IMA with audit support in IMA-ns
 2022-09-20 20:08 UTC  (28+ messages)
` [PATCH v14 01/26] securityfs: rework dentry creation
` [PATCH v14 02/26] securityfs: Extend securityfs with namespacing support
` [PATCH v14 03/26] ima: Define ima_namespace struct and start moving variables into it
` [PATCH v14 05/26] ima: Move ima_htable into ima_namespace
` [PATCH v14 06/26] ima: Move measurement list related variables "
` [PATCH v14 07/26] ima: Move some IMA policy and filesystem "
` [PATCH v14 08/26] ima: Move IMA securityfs files into ima_namespace or onto stack
` [PATCH v14 09/26] ima: Move ima_lsm_policy_notifier into ima_namespace
` [PATCH v14 10/26] ima: Switch to lazy lsm policy updates for better performance
` [PATCH v14 11/26] ima: Define mac_admin_ns_capable() as a wrapper for ns_capable()
` [PATCH v14 13/26] userns: Add pointer to ima_namespace to user_namespace
` [PATCH v14 15/26] ima: Implement ima_free_policy_rules() for freeing of an ima_namespace
` [PATCH v14 16/26] ima: Add functions for creating and "
` [PATCH v14 17/26] integrity/ima: Define ns_status for storing namespaced iint data
` [PATCH v14 18/26] integrity: Add optional callback function to integrity_inode_free()
` [PATCH v14 19/26] ima: Namespace audit status flags
` [PATCH v14 20/26] ima: Remove unused iints from the integrity_iint_cache
` [PATCH v14 21/26] ima: Setup securityfs for IMA namespace
` [PATCH v14 22/26] ima: Introduce securityfs file to activate an "
` [PATCH v14 23/26] ima: Show owning user namespace's uid and gid when displaying policy
` [PATCH v14 25/26] ima: Restrict informational audit messages to init_ima_ns
` [PATCH v14 26/26] ima: Enable IMA namespaces


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).