[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20110207041839.GA25871@mail.hallyn.com>
Date: Mon, 7 Feb 2011 04:18:39 +0000
From: "Serge E. Hallyn" <serge@...lyn.com>
To: containers@...ts.linux-foundation.org,
linux-security-module@...r.kernel.org,
lkml <linux-kernel@...r.kernel.org>, libvir-list@...hat.com,
Dan Smith <danms@...ibm.com>
Subject: if you use user namespaces
Please let me know. lxc does not use them right now. Libvirt uses them
for lxc containers f they are available, but I hope we can essentially
have it stop for awhile. In addition, there's tons of software out
there that I don't know about, and fear of breaking their use of current
user namespaces has been keeping me from pushing further userns patches.
I've outlined how I see user namespaces developing at
https://wiki.ubuntu.com/UserNamespace . Note there is nothing new
in there - some of it goes a year back, much of it more than two
years. Nothing actually new.
Currently user namespaces are not very useful, but they do provide
separate uid accounting, and simply tossing CLONE_NEWUSER in with
CLONE_NEWNS and friends has until now been safe to do. As you can
see, that is going to change. So if that would cause you pain that
you can't work around, please get back to me. Otherwise, I'd like
to get serious soon about expanding upon, and pushing upstream, the
patches to make CLONE_NEWUSER more useful for sandboxing.
thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists