OpenVZ Forum: Devel » [PATCH 0/8] user namespace: Introduction

Home » Mailing lists » Devel » [PATCH 0/8] user namespace: Introduction

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [PATCH 7/8] user ns: handle file sigio [message #17334 is a reply to message #17330]

Thu, 25 January 2007 15:32

serue
Messages: 750
Registered: February 2006

Senior Member

Quoting Andrew Morton (akpm@osdl.org):
> On Wed, 24 Jan 2007 12:58:45 -0600
> "Serge E. Hallyn" <serue@us.ibm.com> wrote:
> 
> > > If we need to I can see doing something special if the process setting
> > > fown has CAP_KILL
> > 
> > Obviously CAP_KILL is insufficient :)  I assume you mean a new
> > CAP_XNS_CAP_KILL?
> > 
> > > and bypassing the security checks that way, but
> > > hard coding rules like that when it doesn't appear we have any
> > > experience to indicate we need the extra functionality looks
> > > premature.
> > 
> > Ok, in this case actually I suspect you're right and we can just ditch
> > the exception.  But in general the security discussion is one we should
> > still have.
> 
> People like security.
> 
> Where do we now stand with this patch, and with "[PATCH 4/8] user ns: hook permission"?

Later today I can send a patch against this set which removes the
the init_task exceptions (out of patch 3 and patch 7), but I'd prefer
to leave the MS_SHARED_NS option (patch 6) in.

thanks,
-serge
_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers

Report message to a moderator

[Message index]

		[PATCH 0/8] user namespace: Introduction By: serue on Tue, 19 December 2006 22:59
		[PATCH 1/8] nsproxy: externalizes exit_task_namespaces By: serue on Tue, 19 December 2006 22:59
		[PATCH 2/8] user ns: add the framework By: serue on Tue, 19 December 2006 23:00
		[PATCH 3/8] user ns: add user_namespace ptr to vfsmount By: serue on Tue, 19 December 2006 23:00
		[PATCH 4/8] user ns: hook permission By: serue on Tue, 19 December 2006 23:00
		Re: [PATCH 4/8] user ns: hook permission By: ebiederm on Wed, 24 January 2007 17:06
		Re: [PATCH 4/8] user ns: hook permission By: serue on Wed, 24 January 2007 19:06
		[PATCH 5/8] user ns: prepare copy_tree, copy_mnt, and their callers to handle errs By: serue on Tue, 19 December 2006 23:01
		[PATCH 6/8] user ns: implement shared mounts By: serue on Tue, 19 December 2006 23:01
		[PATCH 7/8] user ns: handle file sigio By: serue on Tue, 19 December 2006 23:01
		Re: [PATCH 7/8] user ns: handle file sigio By: ebiederm on Wed, 24 January 2007 17:23
		Re: [PATCH 7/8] user ns: handle file sigio By: serue on Wed, 24 January 2007 18:58
		Re: [PATCH 7/8] user ns: handle file sigio By: Andrew Morton on Thu, 25 January 2007 08:12
		Re: [PATCH 7/8] user ns: handle file sigio By: serue on Thu, 25 January 2007 15:32
		Re: [PATCH 7/8] user ns: handle file sigio By: serue on Fri, 26 January 2007 05:38
		Re: [PATCH 7/8] user ns: handle file sigio By: Andrew Morton on Fri, 26 January 2007 06:09
		[PATCH 8/8] user ns: implement user ns unshare By: serue on Tue, 19 December 2006 23:01

Previous Topic:	[RFC][PATCH 1/3]: Replace pid_t in autofs with struct pid reference.
Next Topic:	Re: [PATCH] namespaces: fix exit race by splitting exit

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Wed Sep 10 20:17:36 GMT 2025

Total time taken to generate the page: 0.08645 seconds