Bug#712870: linux-image-3.9-1-amd64: enable CONFIG_USER_NS

To: Alessandro Ghedini <ghedo@debian.org>, 712870@bugs.debian.org
Subject: Bug#712870: linux-image-3.9-1-amd64: enable CONFIG_USER_NS
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 20 Jun 2013 13:27:21 +0100
Message-id: <[🔎] 1371731241.8771.5.camel@deadeye.wl.decadent.org.uk>
Reply-to: Ben Hutchings <ben@decadent.org.uk>, 712870@bugs.debian.org
In-reply-to: <[🔎] 20130620114900.13188.15813.reportbug@kronk>
References: <[🔎] 20130620114900.13188.15813.reportbug@kronk>

On Thu, 2013-06-20 at 13:49 +0200, Alessandro Ghedini wrote:
> Package: src:linux
> Version: 3.9.6-1
> Severity: wishlist
> 
> Hi,
> 
> would it be possible to enable the CONFIG_USER_NS option? AFAICT as of v3.10 all
> the parts that needed converting have been converted. Is this correct? Are there
> any other related concerns?

This is not correct; XFS has not been converted.

And there are likely many more privilege escalation bugs related to
users creating their own user-namespaces that haven't yet been
discovered.  I am reluctant to enable it again at this stage without
limiting its use to root by default.

Ben.

-- 
Ben Hutchings
Lowery's Law:
             If it jams, force it. If it breaks, it needed replacing anyway.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Bug#712870: linux-image-3.9-1-amd64: enable CONFIG_USER_NS
  - From: Alessandro Ghedini <ghedo@debian.org>

References:
- Bug#712870: linux-image-3.9-1-amd64: enable CONFIG_USER_NS
  - From: Alessandro Ghedini <ghedo@debian.org>

Prev by Date: Processed: Re: Bug#712860: aptitude upgrade probleme with package linux-image-3.2.0-4-amd64 version 3.2.46-1
Next by Date: Bug#712860: (no subject)
Previous by thread: Bug#712870: linux-image-3.9-1-amd64: enable CONFIG_USER_NS
Next by thread: Bug#712870: linux-image-3.9-1-amd64: enable CONFIG_USER_NS
Index(es):
- Date
- Thread