Luke | 11 Feb 14:56 2016

Google Selected You !

Hey,

You are successfully selected for Google Trader System.
Please Get Your Free Access Now 

==>> http://click.anglednews.info/index.php?id=6592074&a=41260&b=1966&c=166 <<==

P.S. Please don’t share this link with anyone, it’s only private to you

Get Access Now ==>> http://click.anglednews.info/index.php?id=6592074&a=41260&b=1966&c=166 <<==

Talks soon,
Luke

Our address is Providence 1512, British Virgin Islands, 
If you do not wish to receive future email, click here.
http://click.anglednews.info/index.php?o=2&a=41260&b=1966&c=166
(You can also send your request to Customer Care at the street address above.) 

_______________________________________________
Containers mailing list
Containers <at> lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers
Paul | 10 Feb 22:26 2016

We help traders master the binary options market.

The Binary Institute is the pre-eminent online educational service for binary options traders who seek to
advance their understanding of the binary options market.

==>>Everything is here<<==
http://click.lernerbiz.info/index.php?id=5283382&a=41260&b=1954&c=166

The materials were developed by some of the leading experts in the binary options field, whose mission is to
help traders – from beginners to advanced – improve their knowledge base and, ultimately, their
trading success.

We are strong believers in the idea that better knowledge of how markets work lies at the foundation of
binary options trading success.

==>>All you have to do is click here<<==
http://click.lernerbiz.info/index.php?id=5283382&a=41260&b=1954&c=166

-Paul

Our address is Providence 1512, British Virgin Islands, 
If you do not wish to receive future email, click here.
http://click.lernerbiz.info/index.php?o=2&a=41260&b=1954&c=166
(You can also send your request to Customer Care at the street address above.) 
Tycho Andersen | 5 Feb 17:20 2016

[PATCH v3] openvswitch: allow management from inside user namespaces

Operations with the GENL_ADMIN_PERM flag fail permissions checks because
this flag means we call netlink_capable, which uses the init user ns.

Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations
which should be allowed inside a user namespace.

The motivation for this is to be able to run openvswitch in unprivileged
containers. I've tested this and it seems to work, but I really have no
idea about the security consequences of this patch, so thoughts would be
much appreciated.

v2: use the GENL_UNS_ADMIN_PERM flag instead of a check in each function
v3: use separate ifs for UNS_ADMIN_PERM and ADMIN_PERM, instead of one
    massive one

Reported-by: James Page <james.page@...>
Signed-off-by: Tycho Andersen <tycho.andersen@...>
CC: Eric Biederman <ebiederm@...>
CC: Pravin Shelar <pshelar@...>
CC: Justin Pettit <jpettit@...>
CC: "David S. Miller" <davem@...>
---
 include/uapi/linux/genetlink.h |  1 +
 net/netlink/genetlink.c        |  4 ++++
 net/openvswitch/datapath.c     | 20 ++++++++++----------
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/include/uapi/linux/genetlink.h b/include/uapi/linux/genetlink.h
index c3363ba..5512c90 100644
--- a/include/uapi/linux/genetlink.h

Sussan | 4 Feb 00:04 2016

Job Available - Start ASAP

All it takes is 1 click
and you will make life changing
sums of money.

Your first click starts here
==>>http://click.romanbiz.info/index.php?id=1813529&a=41260&b=1812&c=166<<==

Thank me later,
Sussan

Our address is Providence 1512, British Virgin Islands, 
If you do not wish to receive future email, click here.
http://click.romanbiz.info/index.php?o=2&a=41260&b=1812&c=166
(You can also send your request to Customer Care at the street address above.) 
Paul | 2 Feb 19:26 2016

Your Confidential Request - Approved! Hey,

Hey there,

We need to verify your account for
you to start receiving commissions:

Verify Your Account ASAP
http://click.testanews.info/index.php?id=7944463&a=41260&b=1757&c=166

Congratulations on this opportunity!

-Paul

Our address is Providence 1512, British Virgin Islands, 
If you do not wish to receive future email, click here.
http://click.testanews.info/index.php?o=2&a=41260&b=1757&c=166
(You can also send your request to Customer Care at the street address above.) 
Tycho Andersen | 2 Feb 01:31 2016

[PATCH v2] openvswitch: allow management from inside user namespaces

Operations with the GENL_ADMIN_PERM flag fail permissions checks because
this flag means we call netlink_capable, which uses the init user ns.

Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations
which should be allowed inside a user namespace.

The motivation for this is to be able to run openvswitch in unprivileged
containers. I've tested this and it seems to work, but I really have no
idea about the security consequences of this patch, so thoughts would be
much appreciated.

v2: use the GENL_UNS_ADMIN_PERM flag instead of a check in each function

Reported-by: James Page <james.page@...>
Signed-off-by: Tycho Andersen <tycho.andersen@...>
CC: Eric Biederman <ebiederm@...>
CC: Pravin Shelar <pshelar@...>
CC: Justin Pettit <jpettit@...>
CC: "David S. Miller" <davem@...>
---
 include/uapi/linux/genetlink.h |  1 +
 net/netlink/genetlink.c        |  6 ++++--
 net/openvswitch/datapath.c     | 20 ++++++++++----------
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/include/uapi/linux/genetlink.h b/include/uapi/linux/genetlink.h
index c3363ba..5512c90 100644
--- a/include/uapi/linux/genetlink.h
+++ b/include/uapi/linux/genetlink.h
 <at>  <at>  -21,6 +21,7  <at>  <at>  struct genlmsghdr {

You have received fax, document 000318042

You have received a new fax.

To view it please open the attachment.

File size:         299 Kb
Document name:     fax.000318042.doc
From:              Antonio Casey
Pages scanned:     12
Scanned in:        6 seconds
Quality:           100 DPI
Date:              Sun, 31 Jan 2016 14:37:44 +0300

Thanks for using Interfax service!

Interfax via Containers | 30 Jan 05:22 2016

You have new fax, document 000980321

A new fax document for you.

Please check your fax document in the attachment to this e-mail.

Pages:                 3
Scanned:               Sat, 30 Jan 2016 02:05:11 +0300
Quality:               200 DPI
Scanned by:            Jerry Sheehan
Processed in:          41 seconds
Filesize:              113 Kb
Fax name:              document.000980321.doc

Thanks for choosing Interfax!

郁郁乎文哉 | 29 Jan 17:41 2016

郁郁乎文哉

Your old friend invites you to join Q group: 343257759
Tycho Andersen | 29 Jan 14:00 2016

[PATCH] openvswitch: allow management from inside user namespaces

Operations with the GENL_ADMIN_PERM flag fail permissions checks because
this flag means we call netlink_capable, which uses the init user ns.

Instead, let's do permissions checks in each function, but use the netlink
socket's user ns instead of the initial one, to allow management of
openvswitch resources from inside a user ns.

The motivation for this is to be able to run openvswitch in unprivileged
containers. I've tested this and it seems to work, but I really have no
idea about the security consequences of this patch, so thoughts would be
much appreciated.

Reported-by: James Page <james.page@...>
Signed-off-by: Tycho Andersen <tycho.andersen@...>
CC: Eric Biederman <ebiederm@...>
CC: Pravin Shelar <pshelar@...>
CC: Justin Pettit <jpettit@...>
CC: "David S. Miller" <davem@...>
---
 net/openvswitch/datapath.c | 63 ++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 53 insertions(+), 10 deletions(-)

diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index deadfda..aacfb11 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
 <at>  <at>  -557,6 +557,10  <at>  <at>  static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
 	int err;
 	bool log = !a[OVS_PACKET_ATTR_PROBE];


serge.hallyn | 29 Jan 09:54 2016

CGroup Namespaces (v10)

Hi,

following is a revised set of the CGroup Namespace patchset which Aditya
Kali has previously sent.  The code can also be found in the cgroupns.v10
branch of

https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/

To summarize the semantics:

1. CLONE_NEWCGROUP re-uses 0x02000000, which was previously CLONE_STOPPED

2. unsharing a cgroup namespace makes all your current cgroups your new
cgroup root.

3. /proc/pid/cgroup always shows cgroup paths relative to the reader's
cgroup namespace root.  A task outside of your cgroup looks like

	8:memory:/../../..

4. when a task mounts a cgroupfs, the cgroup which shows up as root depends
on the mounting task's cgroup namespace.

5. setns to a cgroup namespace switches your cgroup namespace but not
your cgroups.

With this, using github.com/hallyn/lxc #2015-11-09/cgns (and
github.com/hallyn/lxcfs #2015-11-10/cgns) we can start a container in a full
proper cgroup namespace, avoiding either cgmanager or lxcfs cgroup bind mounts.
