OpenVZ Forum: Devel » Re: Re: [RFC][PATCH 0/2] user namespace [try #2]

Home » Mailing lists » Devel » Re: Re: [RFC][PATCH 0/2] user namespace [try #2]

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: Re: [RFC][PATCH 0/2] user namespace [try #2] [message #6243 is a reply to message #6240]

Tue, 12 September 2006 14:07

Herbert Poetzl
Messages: 239
Registered: February 2006

Senior Member

On Tue, Sep 12, 2006 at 05:52:40PM +0400, Kirill Korotaev wrote:
> Herbert Poetzl wrote:
> > On Thu, Sep 07, 2006 at 08:09:38PM +0400, Kirill Korotaev wrote:

> >>>>imho this in acceptable for OpenVZ as makes VE files to be
> >>>>inaccessiable from host. At least this is how I understand your
> >>>>idea... Am I correct?

> >>>>>I assume the list of other things we'll need to consider includes
> >>>>> signals between user namespaces
> >>>>> keystore
> >>>>> sys_setpriority and the like
> >>>>>I might argue that all of these should be sufficiently protected
> >>>>>by proper setup by userspace. Can you explain why that is not the
> >>>>>case?

> >>>>The same requirement (ability to send signals from host to VE)
> >>>>is also applicable to signals.

> >>>at some point, we tried to move all cross context signalling
> >>>(from the host to the guests) into a special context, but later
> >>>on we moved away from that, because it was much simpler and more
> >>>intuitive to handle the signalling with a separate syscall command

> >>I'm not sure what a separate context is for, but a separate syscall
> >>is definetely not a good idea.

> > care to explain _why_ you think so?
> cause duplicating syscalls with the same meaning but just working in a
> bit different situations doesn't look good.

hmm ... well, I guess the kernel doesn't look too good then :)

.long sys_setuid16
.long sys_getuid16
.long sys_geteuid16
.long sys_setreuid16 /* 70 */
.long sys_setfsuid16
.long sys_setresuid16
.long sys_getresuid16 /* 165 */
.long sys_getuid
.long sys_geteuid
.long sys_setreuid
.long sys_setresuid
.long sys_getresuid
.long sys_setuid
.long sys_setfsuid /* 215 */

.long sys_umount /* recycled never used phys() */
.long sys_oldumount

.long sys_olduname
.long sys_uname
.long sys_newuname

.long sys_old_getrlimit
.long sys_getrlimit

best,
Herbert

> Kirill

Report message to a moderator

[Message index]

		Re: Re: [RFC][PATCH 0/2] user namespace [try #2] By: dev on Thu, 07 September 2006 15:37
		Re: Re: [RFC][PATCH 0/2] user namespace [try #2] By: Herbert Poetzl on Thu, 07 September 2006 15:48
		Re: Re: [RFC][PATCH 0/2] user namespace [try #2] By: dev on Thu, 07 September 2006 16:05
		Re: Re: [RFC][PATCH 0/2] user namespace [try #2] By: Herbert Poetzl on Thu, 07 September 2006 17:55
		Re: Re: [RFC][PATCH 0/2] user namespace [try #2] By: dev on Tue, 12 September 2006 13:48
		Re: Re: [RFC][PATCH 0/2] user namespace [try #2] By: Herbert Poetzl on Tue, 12 September 2006 14:07
		Re: Re: [RFC][PATCH 0/2] user namespace [try #2] By: serue on Thu, 07 September 2006 15:53

Previous Topic:	[S390] update fs3270 to use a struct pid
Next Topic:	Re: [RFC][PATCH 1/2] add user namespace [try #2]

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Fri Sep 19 14:12:07 GMT 2025

Total time taken to generate the page: 0.06913 seconds