Linux kernel documentation tree maintained by Jonathan Corbet http://mirrors.hust.edu.cn/git/lwn.git/atom?h=master 2025-11-03T16:41:22+00:00 2025-11-03T16:41:22+00:00 Christian Brauner brauner@kernel.org 2025-10-29T12:21:07+00:00 urn:sha1:39bcc7ae57867110265bbbf60999e85b522ae624 Test that dropping CAP_SYS_ADMIN restricts what we can see. Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-54-2e6f823ebdc0@kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-11-03T16:41:22+00:00 Christian Brauner brauner@kernel.org 2025-10-29T12:21:06+00:00 urn:sha1:cff66421ee59618c6623008ca7281e7113701631 Test that we can see user namespaces we have CAP_SYS_ADMIN inside of. This is different from seeing namespaces owned by a user namespace. Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-53-2e6f823ebdc0@kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-11-03T16:41:22+00:00 Christian Brauner brauner@kernel.org 2025-10-29T12:21:05+00:00 urn:sha1:1c28817eb37eea6593f8734a01b419f33df0ab5b Test that CAP_SYS_ADMIN in parent user namespace allows seeing child user namespace's owned namespaces. Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-52-2e6f823ebdc0@kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-11-03T16:41:22+00:00 Christian Brauner brauner@kernel.org 2025-10-29T12:21:04+00:00 urn:sha1:6f360f2b2f2285ad3cc8072afde0e3eeb2b926e5 Test permission checking with LISTNS_CURRENT_USER. Verify that listing with LISTNS_CURRENT_USER respects permissions. Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-51-2e6f823ebdc0@kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-11-03T16:41:22+00:00 Christian Brauner brauner@kernel.org 2025-10-29T12:21:03+00:00 urn:sha1:2635f93989bf15456ccfd06df6a1f5a4a3928aa7 Test that users cannot see namespaces from unrelated user namespaces. Create two sibling user namespaces, verify they can't see each other's owned namespaces. Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-50-2e6f823ebdc0@kernel.org Tested-by: syzbot@syzkaller.appspotmail.com Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-11-03T16:41:22+00:00 Christian Brauner brauner@kernel.org 2025-10-29T12:21:02+00:00 urn:sha1:ec382377311b5032bfd9f4844d8a5884d1facbf6 Test that users with CAP_SYS_ADMIN in a user namespace can see all namespaces owned by that user namespace. Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-49-2e6f823ebdc0@kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-11-03T16:41:22+00:00 Christian Brauner brauner@kernel.org 2025-10-29T12:21:01+00:00 urn:sha1:1f8ee4a1f94afcf7680a9537a397c27a4919ccec Test that unprivileged users can only see namespaces they're currently in. Create a namespace, drop privileges, verify we can only see our own namespaces. Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-48-2e6f823ebdc0@kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org>