| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87bn6p7gwx.fsf@x220.int.ebiederm.org> Date: Mon, 07 Mar 2016 22:05:50 -0600 From: ebiederm@...ssion.com (Eric W. Biederman) To: Andy Lutomirski <luto@...capital.net> Cc: "Serge E. Hallyn" <serge@...lyn.com>, Serge Hallyn <serge.hallyn@...ntu.com>, Seth Forshee <seth.forshee@...onical.com>, lkml <linux-kernel@...r.kernel.org>, Stéphane Graber <stgraber@...ntu.com> Subject: Re: user namespace and fully visible proc and sys mounts Andy Lutomirski <luto@...capital.net> writes: > On Mon, Mar 7, 2016 at 4:07 PM, Eric W. Biederman <ebiederm@...ssion.com> wrote: >> Andy Lutomirski <luto@...capital.net> writes: >> >>> On a related note, can we *please* find a way to constrain namespace >>> creation in a way that might satisfy the RHEL crowd? >> >> I am not certain to what you are referrring. >> >> As long as folks are willing to work with me I am happy to help design >> and design something that makes things better for everyone. If someone >> pushes hard, suggestes crappy patches, and does not listen to >> constructive feedback I will shoot their patches down (especially when I >> am sick and tired as I have been more than I would like this development >> cycle). > > I think we should add some mechanism that will allow the right to > create various namespaces to be constrained in a useful and usable > manner. I'll start a new thread. On the general principle that there is more attack surface, and attack surface reduction is generally good I agree. I will await your follow on thread when you are ready. Eric
Powered by blists - more mailing lists