From: David S. Miller
Date: Mon, 15 Aug 2016 04:09:11 +0000 (-0700)
Subject: Merge branch 'proc-per-ns'
X-Git-Url: http://drtracing.org/?a=commitdiff_plain;h=a878c020172a7cd9fb2f691b95e2c30084a50cb4;p=deliverable%2Flinux.git

Merge branch 'proc-per-ns'

Dmitry Torokhov says:

====================
Make /proc per net namespace objects belong to container

Currently [almost] all /proc objects belong to the global root, even if
data belongs to a given namespace within a container and (at least for
sysctls) we work around permissions checks to allow container's root to
access the data.

This series changes ownership of net namespace /proc objects
(/proc/net/self/* and /proc/sys/net/*) to be container's root and not
global root when there exists a mapping for container's root in user
namespace.

This helps when running Android CTS in a container, but I think it makes
sense regardless.

Changes from V1:

- added fix for crash when !CONFIG_NET_NS (new patch #1)
- addressed Eric's comments for error handling style in patch #3 and
  added his Ack
- adjusted patch #2 to use the same style of error handling
- sent out as series instead of separate patches
====================

Signed-off-by: David S. Miller
---
a878c020172a7cd9fb2f691b95e2c30084a50cb4
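
The ownership rule stated in the series description can be modelled in user space for auditing a container's uid map. This is an added example, not code from the patch series: the function names `map_to_parent` and `proc_net_owner` are hypothetical, the sample maps are constructed, and the map is assumed to be in the `uid_map` text format as read from the initial user namespace.

```c
#include <stdio.h>

/* Sentinel for "no mapping exists" (hypothetical name for this example). */
#define NO_UID ((unsigned int)-1)

/* Translate a uid inside a user namespace to the parent-side uid.
 * uid_map holds one "<inside> <outside> <count>" extent per line. */
unsigned int map_to_parent(const char *uid_map, unsigned int inside_uid)
{
    const char *p = uid_map;
    unsigned int first, lower, count;
    int used;

    while (sscanf(p, "%u %u %u%n", &first, &lower, &count, &used) == 3) {
        /* Unsigned subtraction keeps the range check overflow-safe. */
        if (inside_uid >= first && inside_uid - first < count)
            return lower + (inside_uid - first);
        p += used;
    }
    return NO_UID;
}

/* Owner of a per-net-namespace /proc object under the rule described above:
 * the container's root (uid 0 inside) if it is mapped, else global root. */
unsigned int proc_net_owner(const char *uid_map)
{
    unsigned int root = map_to_parent(uid_map, 0);

    return root == NO_UID ? 0 : root;
}

int main(void)
{
    /* Constructed sample maps, not taken from a real system. */
    const char *mapped  = "0 100000 65536\n";
    const char *no_root = "1000 1000 1\n";

    printf("root mapped   -> owner uid %u\n", proc_net_owner(mapped));
    printf("root unmapped -> owner uid %u\n", proc_net_owner(no_root));
    return 0;
}
```

A container whose map has no extent covering uid 0 falls back to global root ownership, which is the case the description's "when there exists a mapping" condition excludes.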