• Linus Torvalds's avatar
    Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace · dd198ce7
    Linus Torvalds authored
    Pull namespace updates from Eric Biederman:
     "Life has been busy and I have not gotten half as much done this round
      as I would have liked. I delayed it so that a minor conflict
      resolution with the mips tree could spend a little time in linux-next
      before I sent this pull request.
    
      This includes two long delayed user namespace changes from Kirill
      Tkhai. It also includes a very useful change from Serge Hallyn that
      allows the security capability attribute to be used inside of user
      namespaces. The practical effect of this is people can now untar
      tarballs and install rpms in user namespaces. It had been suggested to
      generalize this and encode some of the namespace information
      information in the xattr name. Upon close inspection that makes the
      things that should be hard easy and the things that should be easy
      more expensive.
    
      Then there is my bugfix/cleanup for signal injection that removes the
      magic encoding of the siginfo union member from the kernel internal
      si_code. The mips folks reported the case where I had used FPE_FIXME
      me is impossible so I have remove FPE_FIXME from mips, while at the
      same time including a return statement in that case to keep gcc from
      complaining about unitialized variables.
    
      I almost finished the work to get make copy_siginfo_to_user a trivial
      copy to user. The code is available at:
    
         git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git neuter-copy_siginfo_to_user-v3
    
      But I did not have time/energy to get the code posted and reviewed
      before the merge window opened.
    
      I was able to see that the security excuse for just copying fields
      that we know are initialized doesn't work in practice there are buggy
      initializations that don't initialize the proper fields in siginfo. So
      we still sometimes copy unitialized data to userspace"
    
    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
      Introduce v3 namespaced file capabilities
      mips/signal: In force_fcr31_sig return in the impossible case
      signal: Remove kernel interal si_code magic
      fcntl: Don't use ambiguous SIG_POLL si_codes
      prctl: Allow local CAP_SYS_ADMIN changing exe_file
      security: Use user_namespace::level to avoid redundant iterations in cap_capable()
      userns,pidns: Verify the userns for new pid namespaces
      signal/testing: Don't look for __SI_FAULT in userspace
      signal/mips: Document a conflict with SI_USER with SIGFPE
      signal/sparc: Document a conflict with SI_USER with SIGFPE
      signal/ia64: Document a conflict with SI_USER with SIGFPE
      signal/alpha: Document a conflict with SI_USER for SIGTRAP
    dd198ce7
commoncap.c 36.7 KB