Date: Sat, 18 May 2024 14:21:58 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Jarkko Sakkinen" <jarkko@...nel.org>, "Jonathan Calmels"
 <jcalmels@...0.net>, "Casey Schaufler" <casey@...aufler-ca.com>
Cc: <brauner@...nel.org>, <ebiederm@...ssion.com>, "Luis Chamberlain"
 <mcgrof@...nel.org>, "Kees Cook" <keescook@...omium.org>, "Joel Granados"
 <j.granados@...sung.com>, "Serge Hallyn" <serge@...lyn.com>, "Paul Moore"
 <paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>, "David Howells"
 <dhowells@...hat.com>, <containers@...ts.linux.dev>,
 <linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
 <linux-security-module@...r.kernel.org>, <keyrings@...r.kernel.org>
Subject: Re: [PATCH 0/3] Introduce user namespace capabilities

On Sat May 18, 2024 at 2:17 PM EEST, Jarkko Sakkinen wrote:
> On Sat May 18, 2024 at 2:08 PM EEST, Jarkko Sakkinen wrote:
> > On Fri May 17, 2024 at 10:11 PM EEST, Jonathan Calmels wrote:
> > > On Fri, May 17, 2024 at 10:53:24AM GMT, Casey Schaufler wrote:
> > > > Of course they do. I have been following the use of capabilities
> > > > in Linux since before they were implemented. The uptake has been
> > > > disappointing in all use cases.
> > >
> > > Why "Of course"?
> > > What if they should not get *all* privileges?
> >
> > They do the job given a real-world workload and stress test.
> >
> > Here the problem is based on a theory and an experiment.
> >
> > Even a formal model does not necessarily map all "unknown unknowns".
>
> So this was like the worst "sales pitch" ever:
>
> 1. The cover letter starts with the idea of having to argue about name
> spaces, and have fun while doing that ;-) We all have our own ways to
> entertain ourselves but "name space duels" are not my thing. Why not
> just start with why we all want this instead? Maybe we don't want it
> then. Maybe this is just useless spam given the angle presented?
> 2. There's shitloads of computer science and set theory but nothing
> that would make common sense. You need to build a more understandable
> model. There's zero "gist" in this work.
>
> Maybe this does make sense but the story around it sucks so far.

One tip: I think this is the wrong forum to present namespace ideas in the
first place. It would be probably better to talk about this with e.g.
systemd or podman developers, and similar groups. There's zero evidence
of the usefulness. Then when you go that route and come back with actual
users, things click much more easily. Now this is all in the void.

BR, Jarkko
