Displaying 7 results from an estimated 7 matches for "ns_capable".
2020 Aug 30
1
Re: plug pre-created tap devices to libvirt guests
...://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/tun.c#n586
>
> ((uid_valid(tun->owner) && !uid_eq(cred->euid, tun->owner)) ||
> (gid_valid(tun->group) && !in_egroup_p(tun->group))) &&
> !ns_capable(net->user_ns, CAP_NET_ADMIN);
>
>
> This is called by the TUNSETIFF code.
>
> AFAICT, that means if you fchown(tapfd, uid, gid), to the uid+gid of
> libvirtd, it should not require CAP_NET_ADMIN.
>
> Regards,
> Daniel
I have no idea if this message will get linked in...
2016 Dec 05
1
Oops with CONFIG_VMAP_STCK and bond device + virtio-net
...75>] ? kvm_sched_clock_read+0x25/0x40
[<ffffffffbc111ed6>] ? __lock_acquire+0x346/0x1290
[<ffffffffbc4aa436>] ? nla_parse+0xa6/0x120
[<ffffffffbc7ce9e8>] rtnl_newlink+0x5c8/0x870
[<ffffffffbc3ecb32>] ? avc_has_perm_noaudit+0x32/0x210
[<ffffffffbc0bbfca>] ? ns_capable_common+0x7a/0x90
[<ffffffffbc0bbff3>] ? ns_capable+0x13/0x20
[<ffffffffbc7ced76>] rtnetlink_rcv_msg+0xe6/0x210
[<ffffffffbc7c951b>] ? rtnetlink_rcv+0x1b/0x40
[<ffffffffbc7c951b>] ? rtnetlink_rcv+0x1b/0x40
[<ffffffffbc7cec90>] ? rtnl_newlink+0x870/0x870
[<...
2016 Dec 05
1
Oops with CONFIG_VMAP_STCK and bond device + virtio-net
...75>] ? kvm_sched_clock_read+0x25/0x40
[<ffffffffbc111ed6>] ? __lock_acquire+0x346/0x1290
[<ffffffffbc4aa436>] ? nla_parse+0xa6/0x120
[<ffffffffbc7ce9e8>] rtnl_newlink+0x5c8/0x870
[<ffffffffbc3ecb32>] ? avc_has_perm_noaudit+0x32/0x210
[<ffffffffbc0bbfca>] ? ns_capable_common+0x7a/0x90
[<ffffffffbc0bbff3>] ? ns_capable+0x13/0x20
[<ffffffffbc7ced76>] rtnetlink_rcv_msg+0xe6/0x210
[<ffffffffbc7c951b>] ? rtnetlink_rcv+0x1b/0x40
[<ffffffffbc7c951b>] ? rtnetlink_rcv+0x1b/0x40
[<ffffffffbc7cec90>] ? rtnl_newlink+0x870/0x870
[<...
2014 Jan 29
1
Re: Libvirt-LXC + systemd + user namespace
On 28.01.2014 12:46, Daniel P. Berrange wrote:
> On Tue, Jan 28, 2014 at 12:32:41PM +0100, Jan Olszak wrote:
>> Hi there!
>>
>> I am trying to turn on user namespace by adding following lines to the
>> config:
>>
>>
>>
>> <idmap>
>>
>> <uid start='0' target='0' count='100000'/>
>>
2020 Jun 30
1
Re: plug pre-created tap devices to libvirt guests
On Tue, Jun 30, 2020 at 12:59:03PM +0200, Miguel Duarte de Mora Barroso wrote:
> On Mon, Apr 6, 2020 at 4:03 PM Laine Stump <lstump@redhat.com> wrote:
> >
> > On 4/6/20 9:54 AM, Daniel P. Berrangé wrote:
> > > On Mon, Apr 06, 2020 at 03:47:01PM +0200, Miguel Duarte de Mora Barroso wrote:
> > >> Hi all,
> > >>
> > >> I'm aware
2013 Mar 05
4
[RFC PATCH] drm/nouveau: use vmalloc for pgt allocation
Page tables on nv50 take 48kB, which can be hard to allocate in one piece.
Let's use vmalloc.
Signed-off-by: Marcin Slusarz <marcin.slusarz at gmail.com>
Cc: stable at vger.kernel.org [3.7+]
---
drivers/gpu/drm/nouveau/core/subdev/vm/base.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/core/subdev/vm/base.c
2014 Feb 26
6
[libvirt] LXC, user namespaces and systemd
...led to mount FUSE Control File System.
See 'systemctl status sys-fs-fuse-connections.mount' for details.
Based on the knowledge Daniel gave: "When a syscall requires
CAP_SYS_ADMIN, for example, the kernel will either use
capable(CAP_SYS_ADMIN) which only succeeds in the host, or
ns_capable(CAP_SYS_ADMIN) which is allowed to succeed in the container.
Different filesystems have differing restrictions, but at this time the
vast majority of filesystems require that capable(CAP_SYS_ADMIN)
succeed and thus you can only mount them in the host.",
and discussion about "allow some...