OpenVZ Forum


Home » Mailing lists » Devel » [RFC] [PATCH 0/3] user ns and vfs: Introduction
Re: [RFC] [PATCH 0/3] user ns and vfs: Introduction [message #16756 is a reply to message #16748] Fri, 17 November 2006 15:19 Go to previous message
serue is currently offline  serue
Messages: 750
Registered: February 2006
Senior Member
 
Quoting Serge E. Hallyn (serue@us.ibm.com):
> From: Serge E. Hallyn <serue@us.ibm.com>
> Subject: [RFC] [PATCH 0/3] user ns and vfs: Introduction
> 
> Cedric has previously sent out a patchset
> (http://lists.osdl.org/pipermail/containers/2006-August/000078.html)
> impplementing the very basics of a user namespace. It ignores
> filesystem access checks, so that uid 502 in one namespace could
> access files belonging to uid 502 in another namespace, if the
> containers were so set up.

Oh, and the real question, which i forgot to ask - for those
who objected to Cedric's patchset on the grounds of lack of file access
controls, does this patchset address your concerns?

It seems to me it provides isolation to those who want it, while leaving
the door open to a uid mapping solution (whether in a stackable fs, a
global-uidaware fs, or whatever) in the future.

thanks,
-serge
_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: [PATCH] retries in ext3_prepare_write() violate ordering requirements
Next Topic: task_session() and task->signal->session
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun Jul 27 13:44:06 GMT 2025

Total time taken to generate the page: 0.43398 seconds
Powered by FUDforum Powered by Virtuozzo Containers