[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190415155034.GA25351@mail.hallyn.com>
Date: Mon, 15 Apr 2019 10:50:34 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: "Enrico Weigelt, metux IT consult" <lkml@...ux.net>
Cc: Christian Brauner <christian@...uner.io>,
torvalds@...ux-foundation.org, viro@...iv.linux.org.uk,
jannh@...gle.com, dhowells@...hat.com, linux-api@...r.kernel.org,
linux-kernel@...r.kernel.org, serge@...lyn.com, luto@...nel.org,
arnd@...db.de, ebiederm@...ssion.com, keescook@...omium.org,
tglx@...utronix.de, mtk.manpages@...il.com,
akpm@...ux-foundation.org, oleg@...hat.com, cyphar@...har.com,
joel@...lfernandes.org, dancol@...gle.com
Subject: Re: RFC: on adding new CLONE_* flags [WAS Re: [PATCH 0/4] clone: add
CLONE_PIDFD]
On Mon, Apr 15, 2019 at 12:08:09PM +0200, Enrico Weigelt, metux IT consult wrote:
> On 14.04.19 22:14, Christian Brauner wrote:
>
> Hi folks,
>
> > This patchset makes it possible to retrieve pid file descriptors at
> > process creation time by introducing the new flag CLONE_PIDFD to the
> > clone() system call as previously discussed.
>
> Sorry, for highjacking this thread, but I'm curious on what things to
> consider when introducing new CLONE_* flags.
>
> The reason I'm asking is:
>
> I'm working on implementing plan9-like fs namespaces, where unprivileged
> processes can change their own namespace at will. For that, certain
Is there any place where we can see previous discussion about this?
> traditional unix'ish things have to be disabled, most notably suid.
If you have to disable suid anyway, then is there any reason why the
existing ability to do this in a private user namespace, with only
your own uid mapped (which you can do without any privilege) does
not suffice? That was actually one of the main design goals of user
namespaces, to be able to clone(CLONE_NEWUSER), map your current uid,
then clone(CLONE_NEWNS) and bind mount at will.
> As forbidding suid can be helpful in other scenarios, too, I thought
> about making this its own feature. Doing that switch on clone() seems
> a nice place for that, IMHO.
>
> As there might be potentially even more CLONE_* flags in the future,
> and the bitmask size is limited, this raises the question on how to
> proceed with those flag additions in the future.
>
> What's your thoughts on that ?
>
>
> --mtx
>
> --
> Enrico Weigelt, metux IT consult
> Free software and Linux embedded engineering
> info@...ux.net -- +49-151-27565287
Powered by blists - more mailing lists