#
2078:0996dd223cdd |
| 18-Dec-2021 |
Alejandro Colomar |
Fixed indentation.
Some lines (incorrectly) had an indentation of 3 or 5, or 7 or 9, or 11 or 13, or 15 or 17 spaces instead of 4, 8, 12, or 16. Fix them.
Found with:
$ find src -type f | xargs g
Fixed indentation.
Some lines (incorrectly) had an indentation of 3 or 5, or 7 or 9, or 11 or 13, or 15 or 17 spaces instead of 4, 8, 12, or 16. Fix them.
Found with:
$ find src -type f | xargs grep -n '^ [^ ]'; $ find src -type f | xargs grep -n '^ [^ *]'; $ find src -type f | xargs grep -n '^ [^ ]'; $ find src -type f | xargs grep -n '^ [^ *]'; $ find src -type f | xargs grep -n '^ [^ +]'; $ find src -type f | xargs grep -n '^ [^ *+]'; $ find src -type f | xargs grep -n '^ [^ +]'; $ find src -type f | xargs grep -n '^ [^ *+]';
show more ...
|
Revision tags: 1.26.1-1, 1.26.1, 1.26.0-1, 1.26.0, 1.25.0-1, 1.25.0, 1.24.0-1, 1.24.0, 1.23.0-1, 1.23.0, 1.22.0-1, 1.22.0, 1.21.0-1, 1.21.0, 1.20.0-1, 1.20.0, 1.19.0-1, 1.19.0, 1.18.0-1, 1.18.0, 1.17.0-1, 1.17.0, 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0 |
|
#
1306:3604d05e48be |
| 06-Dec-2019 |
Tiago Natel |
Isolation: allowed the use of credentials with unpriv userns.
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has
Isolation: allowed the use of credentials with unpriv userns.
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case).
Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
show more ...
|
Revision tags: 1.13.0-1, 1.13.0, 1.12.0-1, 1.12.0 |
|
#
1201:563e00547881 |
| 20-Sep-2019 |
Tiago Natel |
Closing leaking file descriptor.
Found by Coverity (CID 349484).
|
Revision tags: 1.11.0-2, 1.11.0-1, 1.11.0 |
|
#
1182:325b315e48c4 |
| 19-Sep-2019 |
Tiago de Bem Natel de Moura |
Initial applications isolation support using Linux namespaces.
|