OpenVZ Forum


Home » Mailing lists » Devel » [PATCH][RFC] Cleanup in namespaces unsharing
Re: [PATCH][RFC] Cleanup in namespaces unsharing [message #13956 is a reply to message #13953] Fri, 08 June 2007 13:01 Go to previous messageGo to previous message
Pavel Emelianov is currently offline  Pavel Emelianov
Messages: 1149
Registered: September 2006
Senior Member
Cedric Le Goater wrote:
> Pavel Emelianov wrote:
>> Cedric Le Goater wrote:
>>> Pavel Emelianov wrote:

[snip]

>>>> Did I miss something in the design or this patch worth merging?
>>> I've sent a more brutal patch in the past removing CONFIG_IPC_NS
>>> and CONFIG_UTS_NS. Might be a better idea ?
>> In case namespaces do not produce performance loss - yes.
>>
>> By that patch I also wanted to note that we'd better make
>> all the other namespaces check for flags themselves, not
>> putting this in the generic code.
>
> yep. let's fix that in the coming ones if they have config option.
>
> a similar issue is the following check done in
> unshare_nsproxy_namespaces() and copy_namespaces() :
>
> if (!capable(CAP_SYS_ADMIN))
> return -EPERM;
>
> it would be interesting to let the namespace handle the unshare
> permissions. CAP_SYS_ADMIN shouldn't be required for all namespaces.
> ipc is one example.

Frankly, I think that some capability *is* required for
cloning the namespaces.

>
> C.
>

Thanks,
Pavel
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: [PATCH -mm] remove CONFIG_UTS_NS and CONFIG_IPC_NS
Next Topic: [PATCH -mm 2/2] user namespace : add unshare
Goto Forum:
  


Current Time: Thu Sep 12 00:14:37 GMT 2024

Total time taken to generate the page: 0.05395 seconds