[v2,2/4] capabilities: Add securebit to restrict userns caps

Received: from flow3-smtp.messagingengine.com (flow3-smtp.messagingengine.com
 [103.168.172.138])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92DFE24B5B;
	Sun,  9 Jun 2024 10:40:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=103.168.172.138
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717929626; cv=none;
 b=MlH8pasWbdjNKoMEAH0ByMjrYkFd1ywp0dhKoKwBZuQ+RVAgRAt2kp9kKfU8kcqQPqMFvJknuRfHFCdLONFf6hUM+55Wn/LooWVqUmukpc94WwLrDT3QxWvrplV1XY5Ne7DV/KN0rhWZACWSEh1Fv4vIW//j1/KQ3erTjbG12Ds=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717929626; c=relaxed/simple;
	bh=TRflIsPbASjR72yTWpx34CeYRaOCTbvPLNUnQ9bjQ6k=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=cyHRtGU0UTWsa3c3klDSM7osXZp0bK5gpF8w9zmjdCDrC8VlDAtkCjbFejhVlyGV8gmJ08ujvoVmoGc2x4Xm6Fp+tUzYe90KfVqJkIf0fbWSVqIYf5gzDBRzGcE1vl8rWLCF5Mp96OqQz2rC7o6YTGWovaAE/B5P9ddr+ZP8zuc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=3xx0.net;
 spf=pass smtp.mailfrom=3xx0.net;
 dkim=pass (2048-bit key) header.d=3xx0.net header.i=@3xx0.net
 header.b=gsfwPULs;
 dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com
 header.b=UQOz4ItZ; arc=none smtp.client-ip=103.168.172.138
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=3xx0.net
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=3xx0.net
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=3xx0.net header.i=@3xx0.net
 header.b="gsfwPULs";
	dkim=pass (2048-bit key) header.d=messagingengine.com
 header.i=@messagingengine.com header.b="UQOz4ItZ"
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
	by mailflow.nyi.internal (Postfix) with ESMTP id C56CA2001CA;
	Sun,  9 Jun 2024 06:40:23 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute4.internal (MEProxy); Sun, 09 Jun 2024 06:40:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=3xx0.net; h=cc
	:cc:content-transfer-encoding:content-type:content-type:date
	:date:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm1; t=1717929623;
	 x=1717933223; bh=givYjoPOL2k44qEG2AAhLIKWw+SaQbnMN2v1JiAaofI=; b=
	gsfwPULsB5vGdh2divKYeX2pT9m7EhL7B8rHXxOxGrnjOluHppy8OC6V/mJFZ6qG
	RGZcSmXNOCxb86qNZyXSSrkCYSSNJ9fnL2PcxZexz4wNzkoDLbnKrmufOi8NZbxh
	Xa98Juv3S2ziLBs3ZYQD2XnvkNKcsZhPrQUJbcXDnTANkMHzxI/6MfevpAQntzGf
	Egvm14viEkR/hpYGwq/KECjvzN29akriG+vYyD0Br1E+t63mN4IVRmEv1tM2WvvO
	P7jQi1XAUOdoJL54p8/6s6eCb8Ob+1d1gFaOITzeWyhTtj8EB1Ed5dUJgUyZHsh7
	z7FP+gbbFde7LylQsszfzw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:content-type:date:date:feedback-id:feedback-id
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1717929623; x=
	1717933223; bh=givYjoPOL2k44qEG2AAhLIKWw+SaQbnMN2v1JiAaofI=; b=U
	QOz4ItZeUl4PBUxODr3Q1h/fZXwI+Q1LDY2gPrf9FL0OOyk0CzxxbTIYafM5jirH
	3aqh0gd+G3OxbxmS5+pVaTFKGlbuY3eDMUfWnIu6I5w2hY24b2PTQOiZuVmNhkuK
	buF6oUecCbOTJvDq1E2f/kWHwXJTxc99KNz/GzlZ1n8jggHlgeJF7bmb5Cc4vtxh
	4vzpRpoH9t5M6rATh/++1ojrpJscOK2seRo2HShpcDLGqIpAOx/b+emrqla23Ope
	yPTI0OchbCaPiW9X1EfFPq2auSr8tfeQ8q2teol3k5kFk0wM016PJ/Yc6FbScqbY
	+ikf/xa1m4gqMjtItzmDw==
X-ME-Sender: <xms:l4ZlZpAnNuuxKPDr2Cd6FBTRHnbQHjA9iJqJ4vtInMEttqloUvxL3w>
    <xme:l4ZlZnhUUG5XLMuxwvF80Ztx7mxdiLYJkN9_fky8qYyIzQrHsQIGX186FBjOqQ6no
    AUWoGLH52kM3Rf3MZc>
X-ME-Received: 
 <xmr:l4ZlZkkfGAqHkbW_x8-j2v_acbqpImowU9kXZ95ojAtc5RRkNQjTGleBF0HboqHBacD1A9zHgRg8_pAIMZjUemRvghpdz9qZz344rHcQr0Y1pQ>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgedvledrfedtjedgfeduucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhephffvvefufffkofgjfhggtgfgsehtkeertdertdejnecuhfhrohhmpeflohhn
    rghthhgrnhcuvegrlhhmvghlshcuoehjtggrlhhmvghlshesfeiggidtrdhnvghtqeenuc
    ggtffrrghtthgvrhhnpeeiueeukeeitddvheeiveeiiedvhfeljeeiteeggedtteeiueet
    iefhudfgvddvleenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh
    hrohhmpehjtggrlhhmvghlshesfeiggidtrdhnvght
X-ME-Proxy: <xmx:l4ZlZjxUkGLqs4oogIXztRVN01SaUztAQoyf4JRjSNo3W1Ff2FE5Tw>
    <xmx:l4ZlZuSJtY7q7t2kw7m88WXzlCDmeh5426CQ8jJ2JXo_CLz32Ee2BA>
    <xmx:l4ZlZmYqRTSIK4t09w7Ut9EkpHVDxBdVpRJrKxp9ntVw67oszXyFTA>
    <xmx:l4ZlZvRCMGICE2VMFlgubWMv7nGxzwWG6vWPlCu8SgaPTi-k1iZ6lQ>
    <xmx:l4ZlZsCGVIS4MEQvAhrZIJNWsOX2P9j682pJAC79bR95XH88HzCOxkbV>
Feedback-ID: i76614979:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun,
 9 Jun 2024 06:40:19 -0400 (EDT)
From: Jonathan Calmels <jcalmels@3xx0.net>
To: brauner@kernel.org,	ebiederm@xmission.com,
	Jonathan Corbet <corbet@lwn.net>,	Paul Moore <paul@paul-moore.com>,
	James Morris <jmorris@namei.org>,	"Serge E. Hallyn" <serge@hallyn.com>,
	KP Singh <kpsingh@kernel.org>,	Matt Bobrowski <mattbobrowski@google.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Eduard Zingerman <eddyz87@gmail.com>,	Song Liu <song@kernel.org>,
	Yonghong Song <yonghong.song@linux.dev>,
	John Fastabend <john.fastabend@gmail.com>,
	Stanislav Fomichev <sdf@google.com>,	Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>,	Luis Chamberlain <mcgrof@kernel.org>,
	Kees Cook <kees@kernel.org>,	Joel Granados <j.granados@samsung.com>,
	John Johansen <john.johansen@canonical.com>,
	David Howells <dhowells@redhat.com>,	Jarkko Sakkinen <jarkko@kernel.org>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	Ondrej Mosnacek <omosnace@redhat.com>,	Mykola Lysenko <mykolal@fb.com>,
	Shuah Khan <shuah@kernel.org>
Cc: containers@lists.linux.dev,
	Jonathan Calmels <jcalmels@3xx0.net>,
	linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	linux-doc@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	bpf@vger.kernel.org,
	apparmor@lists.ubuntu.com,
	keyrings@vger.kernel.org,
	selinux@vger.kernel.org,
	linux-kselftest@vger.kernel.org
Subject: [PATCH v2 2/4] capabilities: Add securebit to restrict userns caps
Date: Sun,  9 Jun 2024 03:43:35 -0700
Message-ID: <20240609104355.442002-3-jcalmels@3xx0.net>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240609104355.442002-1-jcalmels@3xx0.net>
References: <20240609104355.442002-1-jcalmels@3xx0.net>
Precedence: bulk
X-Mailing-List: linux-kselftest@vger.kernel.org
List-Id: <linux-kselftest.vger.kernel.org>
List-Subscribe: <mailto:linux-kselftest+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kselftest+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit