Eric W. Biederman b0743246ae ucounts: Fix systemd LimitNPROC with private users regression
commit 0ac983f512 upstream.

Long story short recursively enforcing RLIMIT_NPROC when it is not
enforced on the process that creates a new user namespace, causes
currently working code to fail.  There is no reason to enforce
RLIMIT_NPROC recursively when we don't enforce it normally so update
the code to detect this case.

I would like to simply use capable(CAP_SYS_RESOURCE) to detect when
RLIMIT_NPROC is not enforced upon the caller.  Unfortunately because
RLIMIT_NPROC is charged and checked for enforcement based upon the
real uid, using capable() which is euid based is inconsistent with reality.
Come as close as possible to testing for capable(CAP_SYS_RESOURCE) by
testing for when the real uid would match the conditions when
CAP_SYS_RESOURCE would be present if the real uid was the effective
uid.

Reported-by: Etienne Dechamps <etienne@edechamps.fr>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215596
Link: https://lkml.kernel.org/r/e9589141-cfeb-90cd-2d0e-83a62787239a@edechamps.fr
Link: https://lkml.kernel.org/r/87sfs8jmpz.fsf_-_@email.froward.int.ebiederm.org
Cc: stable@vger.kernel.org
Fixes: 21d1c5e386 ("Reimplement RLIMIT_NPROC on top of ucounts")
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-19 17:45:56 +08:00
arch riscv/mm: Add XIP_FIXUP for phys_ram_base 2023-04-19 17:45:55 +08:00
block block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern 2023-04-19 17:45:49 +08:00
certs certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
crypto crypto: api - Move cryptomgr soft dependency into algapi 2023-04-19 17:45:10 +08:00
Documentation drm/i915/display: Move DRRS code its own file 2023-04-19 17:45:55 +08:00
drivers PCI: mvebu: Fix device enumeration regression 2023-04-19 17:45:56 +08:00
fs cifs: fix confusing unneeded warning message on smb2.1 and earlier 2023-04-19 17:45:56 +08:00
include net: of: fix stub of_net helpers for CONFIG_NET=n 2023-04-19 17:45:56 +08:00
init init: make unknown command line param message clearer 2023-04-19 16:57:51 +08:00
ipc ipc/sem: do not sleep with a spin lock held 2023-04-19 17:45:01 +08:00
kernel ucounts: Fix systemd LimitNPROC with private users regression 2023-04-19 17:45:56 +08:00
lib lib/iov_iter: initialize "flags" in new pipe_buffer 2023-04-19 17:45:35 +08:00
LICENSES LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes" 2021-07-15 06:31:24 -06:00
mm kasan: fix quarantine conflicting with init_on_free 2023-04-19 17:45:53 +08:00
net of: net: move of_net under net/ 2023-04-19 17:45:56 +08:00
samples samples: bpf: Fix 'unknown warning group' build warning on Clang 2023-04-19 17:43:59 +08:00
scripts kconfig: fix failing to generate auto.conf 2023-04-19 17:45:35 +08:00
security selinux: fix misuse of mutex_is_locked() 2023-04-19 17:45:37 +08:00
sound ALSA: intel_hdmi: Fix reference to PCM buffer address 2023-04-19 17:45:56 +08:00
tools selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting 2023-04-19 17:45:54 +08:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2023-04-19 17:44:58 +08:00
virt KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU 2023-04-19 17:45:51 +08:00
.clang-format clang-format: Update with the latest for_each macro list 2021-05-12 23:32:39 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap mailmap: add Andrej Shadura 2021-10-18 20:22:03 -10:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Daniel Drake to credits 2021-09-21 08:34:58 +03:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: Add entry for RISC-V PMU drivers 2023-01-03 14:26:18 +08:00
Makefile Linux 5.15.26 2023-04-19 17:45:47 +08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.