search for: unprivilged

...tls to unprivileged users */ > > - if (net->user_ns != &init_user_ns) > > - table[1].procname = NULL; Here I remove the setting of the procname to NULL for ipv6 sysctl registers in route.c and I do not replace that assignment anywhere. This means that we will export sysctls to unprivilged users for ipv6. I'll correct this in V3. > > } > > return table; > > } > > + > > +size_t ipv6_route_sysctl_table_size(struct net *net) > > +{ > > + /* Don't export sysctls to unprivileged users */ > > + if (net->user_ns != &ini...

New /sys/hypervisor/uuid, containing this domain''s UUID. Stripping off /vm/ from the value of vm to get the UUID isn''t exactly nice. The alternative is to add a XENVER_get_uuid code to HYPERVISOR_xen_version(), but I''m not sure that''s worth it. Signed-off-by: Markus Armbruster <armbru@redhat.com> diff -r ddba92a5cba9 drivers/xen/core/xen_sysfs.c ---

...o control the ownership check of the AuthorizedKeysCommand. Default is root, so no change is done without explicit request. --- Discussed without response at[1], I thought I give it a chance here. Looking forward to fix of bug#2081, this and some others to make it possible to run sshd in complete unprivilged mode, while enjoying all benefits provided by the implmentation. Thanks! [1] http://lists.mindrot.org/pipermail/openssh-unix-dev/2014-June/032696.html -- You are receiving this mail because: You are watching the assignee of the bug.

...s to be efficiently contexted switched between domains would be useful (though use in this manner would be mutually exclusive with system-wide use). Although efforts are made to ensure the security of the xen hypercall API, it wouldn''t hurt to do a complete code audit: it is critical that unprivilged guests should not be able to access data that doesn''t belong to them, or crash the system. Efforts should be made to bound the scope of ''denial of quality of service'' attacks too. A useful tool to help test the integrity of the xen guest API would be a xen equivalent of...