| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Feb 2011 04:18:39 +0000 From: "Serge E. Hallyn" <serge@...lyn.com> To: containers@...ts.linux-foundation.org, linux-security-module@...r.kernel.org, lkml <linux-kernel@...r.kernel.org>, libvir-list@...hat.com, Dan Smith <danms@...ibm.com> Subject: if you use user namespaces Please let me know. lxc does not use them right now. Libvirt uses them for lxc containers f they are available, but I hope we can essentially have it stop for awhile. In addition, there's tons of software out there that I don't know about, and fear of breaking their use of current user namespaces has been keeping me from pushing further userns patches. I've outlined how I see user namespaces developing at https://wiki.ubuntu.com/UserNamespace . Note there is nothing new in there - some of it goes a year back, much of it more than two years. Nothing actually new. Currently user namespaces are not very useful, but they do provide separate uid accounting, and simply tossing CLONE_NEWUSER in with CLONE_NEWNS and friends has until now been safe to do. As you can see, that is going to change. So if that would cause you pain that you can't work around, please get back to me. Otherwise, I'd like to get serious soon about expanding upon, and pushing upstream, the patches to make CLONE_NEWUSER more useful for sandboxing. thanks, -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists