Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754733AbdLOLKG (ORCPT <rfc822;w@1wt.eu>);
        Fri, 15 Dec 2017 06:10:06 -0500
Received: from mail-wm0-f51.google.com ([74.125.82.51]:41360 "EHLO
        mail-wm0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753218AbdLOLKC (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 15 Dec 2017 06:10:02 -0500
X-Google-Smtp-Source: ACJfBosfPx6u+dgBNZzvMXTmkgJqn4Ewotl7n9es+gCI5hYsGu+38C7nQ9tGo0QfXGJBTHHmFTG0Cg==
Subject: Re: [PATCHv3, 1/2] capability: introduce sysctl for controlled
 user-ns capability whitelist
To: Mahesh Bandewar <mahesh@bandewar.net>,
        LKML <linux-kernel@vger.kernel.org>, Netdev <netdev@vger.kernel.org>
Cc: Kernel-hardening <kernel-hardening@lists.openwall.com>,
        Linux API <linux-api@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>, Serge Hallyn <serge@hallyn.com>,
        "Eric W . Biederman" <ebiederm@xmission.com>,
        Eric Dumazet <edumazet@google.com>, David Miller <davem@davemloft.net>,
        Mahesh Bandewar <maheshb@google.com>
References: <20171205223101.12765-1-mahesh@bandewar.net>
From: =?UTF-8?Q?Iago_L=c3=b3pez_Galeiras?= <iago@kinvolk.io>
Message-ID: <b4367cb6-82a0-5e5b-f94f-2581ba207f77@kinvolk.io>
Date: Fri, 15 Dec 2017 12:10:00 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <20171205223101.12765-1-mahesh@bandewar.net>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 254
Lines: 6

On 12/05/2017 11:31 PM, Mahesh Bandewar wrote:
> +The value is expressed as two comma separated hex words (u32). This
> +sysctl is avaialble in init-ns and users with CAP_SYS_ADMIN in init-ns
> +are allowed to make changes.

Typo: avaialble -> available