)]}' { "log": [ { "commit": "34482e89a5218f0f9317abf1cfba3bb38b5c29dd", "tree": "94a2c2409fbbef8a01aae589469ee44180e6e04f", "parents": [ "13b6f57623bc485e116344fe91fbcb29f149242b" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Sun Mar 07 18:43:27 2010 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue May 10 14:35:35 2011 -0700" }, "message": "ns proc: Add support for the uts namespace\n\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "bb96a6f50be27390dc959ff67d9ea0ea0cfbe177", "tree": "478253434235baeb1e4760a25c0a0f01293fbb8a", "parents": [ "3486740a4f32a6a466f5ac931654d154790ba648" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:18 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:03 2011 -0700" }, "message": "userns: allow sethostname in a container\n\nChangelog:\n\tFeb 23: let clone_uts_ns() handle setting uts-\u003euser_ns\n\t\tTo do so we need to pass in the task_struct who\u0027ll\n\t\tget the utsname, so we can get its user_ns.\n\tFeb 23: As per Oleg\u0027s coment, just pass in tsk, instead of two\n\t\tof its members.\n\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "59607db367c57f515183cb203642291bb14d9c40", "tree": "9097cfc3a72820c5624de6a24c9fa9cf28b6cb35", "parents": [ "52e9fc76d0d4b1e8adeee736172c6c23180059b2" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:16 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:46:59 2011 -0700" }, "message": "userns: add a user_namespace as creator/owner of uts_namespace\n\nThe expected course of development for user namespaces targeted\ncapabilities is laid out at https://wiki.ubuntu.com/UserNamespace.\n\nGoals:\n\n- Make it safe for an unprivileged user to unshare namespaces. They\n will be privileged with respect to the new namespace, but this should\n only include resources which the unprivileged user already owns.\n\n- Provide separate limits and accounting for userids in different\n namespaces.\n\nStatus:\n\n Currently (as of 2.6.38) you can clone with the CLONE_NEWUSER flag to\n get a new user namespace if you have the CAP_SYS_ADMIN, CAP_SETUID, and\n CAP_SETGID capabilities. What this gets you is a whole new set of\n userids, meaning that user 500 will have a different \u0027struct user\u0027 in\n your namespace than in other namespaces. So any accounting information\n stored in struct user will be unique to your namespace.\n\n However, throughout the kernel there are checks which\n\n - simply check for a capability. Since root in a child namespace\n has all capabilities, this means that a child namespace is not\n constrained.\n\n - simply compare uid1 \u003d\u003d uid2. Since these are the integer uids,\n uid 500 in namespace 1 will be said to be equal to uid 500 in\n namespace 2.\n\n As a result, the lxc implementation at lxc.sf.net does not use user\n namespaces. This is actually helpful because it leaves us free to\n develop user namespaces in such a way that, for some time, user\n namespaces may be unuseful.\n\nBugs aside, this patchset is supposed to not at all affect systems which\nare not actively using user namespaces, and only restrict what tasks in\nchild user namespace can do. They begin to limit privilege to a user\nnamespace, so that root in a container cannot kill or ptrace tasks in the\nparent user namespace, and can only get world access rights to files.\nSince all files currently belong to the initila user namespace, that means\nthat child user namespaces can only get world access rights to *all*\nfiles. While this temporarily makes user namespaces bad for system\ncontainers, it starts to get useful for some sandboxing.\n\nI\u0027ve run the \u0027runltplite.sh\u0027 with and without this patchset and found no\ndifference.\n\nThis patch:\n\ncopy_process() handles CLONE_NEWUSER before the rest of the namespaces.\nSo in the case of clone(CLONE_NEWUSER|CLONE_NEWUTS) the new uts namespace\nwill have the new user namespace as its owner. That is what we want,\nsince we want root in that new userns to be able to have privilege over\nit.\n\nChangelog:\n\tFeb 15: don\u0027t set uts_ns-\u003euser_ns if we didn\u0027t create\n\t\ta new uts_ns.\n\tFeb 23: Move extern init_user_ns declaration from\n\t\tinit/version.c to utsname.h.\n\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4c2a7e72d5937c6a112141c7ff3df0727b3cf3df", "tree": "783dc576aef932a3b56c62da2edb63c1bf9b1170", "parents": [ "dca4a979604da1bac6956c0117abc2114d6dd3ec" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Wed Jun 17 16:27:54 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jun 18 13:03:55 2009 -0700" }, "message": "utsns: extract creeate_uts_ns()\n\ncreate_uts_ns() will be used by C/R to create fresh uts_ns.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7a8fc9b248e77a4eab0613acf30a6811799786b3", "tree": "24b3beb8bc0633db27ffdb791f94dce95d51b1d0", "parents": [ "d3ee1b405872214609868f3cde631ac157026dd0" ], "author": { "name": "Adrian Bunk", "email": "bunk@kernel.org", "time": "Sun Aug 17 17:36:59 2008 +0300" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 23 12:14:12 2008 -0700" }, "message": "removed unused #include \u003clinux/version.h\u003e\u0027s\n\nThis patch lets the files using linux/version.h match the files that\n#include it.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1aeb272cf09f9e2cbc62163b9f37a9b4d1c7e81d", "tree": "17c76e18fa145affedae790460cff724f965646b", "parents": [ "3a2e7f47d71e1df86acc1dda6826890b6546a4e1" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@crashcourse.ca", "time": "Tue Apr 29 00:59:25 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:04 2008 -0700" }, "message": "kernel: explicitly include required header files under kernel/\n\nFollowing an experimental deletion of the unnecessary directive\n\n #include \u003clinux/slab.h\u003e\n\nfrom the header file \u003clinux/percpu.h\u003e, these files under kernel/ were exposed\nas needing to include one of \u003clinux/slab.h\u003e or \u003clinux/gfp.h\u003e, so explicit\nincludes were added where necessary.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@crashcourse.ca\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "efc63c4fb0f95865907472d1c6bc0cfea9ee156b", "tree": "197650d8698f62c4886305e859cfbbf16aada5fc", "parents": [ "019ad4a0a60b09022945273848b5a686e39a78aa" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@sw.ru", "time": "Tue Sep 18 22:46:27 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Sep 19 11:24:17 2007 -0700" }, "message": "Fix UTS corruption during clone(CLONE_NEWUTS)\n\nstruct utsname is copied from master one without any exclusion.\n\nHere is sample output from one proggie doing\n\n\tsethostname(\"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\");\n\tsethostname(\"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\");\n\nand another\n\n\tclone(,, CLONE_NEWUTS, ...)\n\tuname()\n\n\thostname \u003d \u0027aaaaaaaaaaaaaaaaaaaaaaaaabbbbb\u0027\n\thostname \u003d \u0027bbbaaaaaaaaaaaaaaaaaaaaaaaaaaa\u0027\n\thostname \u003d \u0027aaaaaaaabbbbbbbbbbbbbbbbbbbbbb\u0027\n\thostname \u003d \u0027aaaaaaaaaaaaaaaaaaaaaaaaaabbbb\u0027\n\thostname \u003d \u0027aaaaaaaaaaaaaaaaaaaaaaaaaaaabb\u0027\n\thostname \u003d \u0027aaabbbbbbbbbbbbbbbbbbbbbbbbbbb\u0027\n\thostname \u003d \u0027bbbbbbbbbbbbbbbbaaaaaaaaaaaaaa\u0027\n\nHostname is sometimes corrupted.\n\nYes, even _the_ simplest namespace activity had bug in it. :-(\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@sw.ru\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "213dd266d48af90c1eec8688c1ff31aa34d21de2", "tree": "2882f6e84d36421ebe2a6360cfe0c773bd9053bd", "parents": [ "e3a68e30d28dbc6981dfc3d6ceddbfa2f885fe4e" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Sun Jul 15 23:41:15 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:48 2007 -0700" }, "message": "namespace: ensure clone_flags are always stored in an unsigned long\n\nWhile working on unshare support for the network namespace I noticed we\nwere putting clone flags in an int. Which is weird because the syscall\nuses unsigned long and we at least need an unsigned to properly hold all of\nthe unshare flags.\n\nSo to make the code consistent, this patch updates the code to use\nunsigned long instead of int for the clone flags in those places\nwhere we get it wrong today.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "467e9f4b5086a60a5cb2e032ccaf4a31abadc4c2", "tree": "f21b3975db312e4cdee1d9d3622549de2648b7ff", "parents": [ "3e733f071e16bdad13a75eedb102e8941b09927e" ], "author": { "name": "Cedric Le Goater", "email": "clg@fr.ibm.com", "time": "Sun Jul 15 23:41:06 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "fix create_new_namespaces() return value\n\ndup_mnt_ns() and clone_uts_ns() return NULL on failure. This is wrong,\ncreate_new_namespaces() uses ERR_PTR() to catch an error. This means that the\nsubsequent create_new_namespaces() will hit BUG_ON() in copy_mnt_ns() or\ncopy_utsname().\n\nModify create_new_namespaces() to also use the errors returned by the\ncopy_*_ns routines and not to systematically return ENOMEM.\n\n[oleg@tv-sign.ru: better changelog]\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Badari Pulavarty \u003cpbadari@us.ibm.com\u003e\nCc: Pavel Emelianov \u003cxemul@openvz.org\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e3222c4ecc649c4ae568e61dda9349482401b501", "tree": "d96614ef67d947a3dd8ab0929a4755bce9fdbcc1", "parents": [ "4fc75ff4816c3483b4b772b2f6cb3d8fd88ca547" ], "author": { "name": "Badari Pulavarty", "email": "pbadari@us.ibm.com", "time": "Tue May 08 00:25:21 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:00 2007 -0700" }, "message": "Merge sys_clone()/sys_unshare() nsproxy and namespace handling\n\nsys_clone() and sys_unshare() both makes copies of nsproxy and its associated\nnamespaces. But they have different code paths.\n\nThis patch merges all the nsproxy and its associated namespace copy/clone\nhandling (as much as possible). Posted on container list earlier for\nfeedback.\n\n- Create a new nsproxy and its associated namespaces and pass it back to\n caller to attach it to right process.\n\n- Changed all copy_*_ns() routines to return a new copy of namespace\n instead of attaching it to task-\u003ensproxy.\n\n- Moved the CAP_SYS_ADMIN checks out of copy_*_ns() routines.\n\n- Removed unnessary !ns checks from copy_*_ns() and added BUG_ON()\n just incase.\n\n- Get rid of all individual unshare_*_ns() routines and make use of\n copy_*_ns() instead.\n\n[akpm@osdl.org: cleanups, warning fix]\n[clg@fr.ibm.com: remove dup_namespaces() declaration]\n[serue@us.ibm.com: fix CONFIG_IPC_NS\u003dn, clone(CLONE_NEWIPC) retval]\n[akpm@linux-foundation.org: fix build with CONFIG_SYSVIPC\u003dn]\nSigned-off-by: Badari Pulavarty \u003cpbadari@us.ibm.com\u003e\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: \u003ccontainers@lists.osdl.org\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "071df104f808b8195c40643dcb4d060681742e29", "tree": "e5c3355e526e0182797d59c7e80062fbc2bb7d77", "parents": [ "bf47fdcda65b44dbd674eeedcaa06e0aa28a5a00" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Oct 02 02:18:17 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:22 2006 -0700" }, "message": "[PATCH] namespaces: utsname: implement CLONE_NEWUTS flag\n\nImplement a CLONE_NEWUTS flag, and use it at clone and sys_unshare.\n\n[clg@fr.ibm.com: IPC unshare fix]\n[bunk@stusta.de: cleanup]\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Andrey Savochkin \u003csaw@sw.ru\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "4865ecf1315b450ab3317a745a6678c04d311e40", "tree": "6cf5d3028f8642eba2a8094eb413db080cc9219c", "parents": [ "96b644bdec977b97a45133e5b4466ba47a7a5e65" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Oct 02 02:18:14 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:21 2006 -0700" }, "message": "[PATCH] namespaces: utsname: implement utsname namespaces\n\nThis patch defines the uts namespace and some manipulators.\nAdds the uts namespace to task_struct, and initializes a\nsystem-wide init namespace.\n\nIt leaves a #define for system_utsname so sysctl will compile.\nThis define will be removed in a separate patch.\n\n[akpm@osdl.org: build fix, cleanup]\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Andrey Savochkin \u003csaw@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" } ] }