OpenVZ Forum


Re: user namespaces config option [message #19712] Thu, 16 August 2007 11:56
serue
Quoting Pavel Emelyanov (xemul@openvz.org):
> Hi, Cedric, Serge.
>
> I have noticed that you have removed the config options for
> the uts and ipc namespaces but kept the one for the user namespace.
>
> What's the policy about which namespaces should have a config
> option? I thought that the only code worth having
> under an option is the clone/destroy code, to save .text size for
> people who don't need it (embedded).

The user namespaces are under a config and marked experimental because
uid-based permission checks do not take namespaces into account and the
root user in a namespace is not at all controlled.  You can handle the
security implications using SELinux, but I guess the fear is that people
would assume uid namespaces do more than they currently do.

-serge
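
An added illustration, not part of the original message and not kernel code: a simplified C model of what it means for a uid-based permission check to ignore namespaces, shown beside a namespace-aware variant. All struct names, function names and sample values are hypothetical, and the namespace-aware rule (a uid only matches within its own namespace) is an assumption made for the comparison.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not a kernel type. */
struct cred  { unsigned uid; int user_ns; };  /* task uid and its namespace id */
struct inode { unsigned uid; int user_ns; };  /* file owner and its namespace id */

/* Namespace-blind check: raw uid numbers are compared and the
 * namespace field is never consulted. */
bool may_write_uid_only(const struct cred *c, const struct inode *f)
{
    if (c->uid == 0)
        return true;            /* any uid 0 is treated as root */
    return c->uid == f->uid;
}

/* Namespace-aware check (assumed rule): a uid, including uid 0,
 * only carries meaning inside the namespace it belongs to. */
bool may_write_ns_aware(const struct cred *c, const struct inode *f)
{
    if (c->user_ns != f->user_ns)
        return false;
    return c->uid == 0 || c->uid == f->uid;
}

/* Constructed sample data: namespace 0 is the initial one, 1 is a child. */
static const struct inode host_root_file = { 0, 0 };
static const struct inode host_user_file = { 1000, 0 };
static const struct cred  host_root      = { 0, 0 };
static const struct cred  ns_root        = { 0, 1 };
static const struct cred  ns_user        = { 1000, 1 };

int main(void)
{
    printf("ns root -> host root file: uid-only=%d ns-aware=%d\n",
           may_write_uid_only(&ns_root, &host_root_file),
           may_write_ns_aware(&ns_root, &host_root_file));
    printf("ns uid 1000 -> host uid 1000 file: uid-only=%d ns-aware=%d\n",
           may_write_uid_only(&ns_user, &host_user_file),
           may_write_ns_aware(&ns_user, &host_user_file));
    printf("host root -> host root file: uid-only=%d ns-aware=%d\n",
           may_write_uid_only(&host_root, &host_root_file),
           may_write_ns_aware(&host_root, &host_root_file));
    return 0;
}
```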