| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAL1p7m6VGRDBrt89_5zqXzFgfZqm3mjmwH5WEn270Rwb49H7Dw@mail.gmail.com> Date: Mon, 21 Apr 2025 12:14:27 -0400 From: Joel Savitz <jsavitz@...hat.com> To: Bagas Sanjaya <bagasdotme@...il.com> Cc: linux-kernel@...r.kernel.org, Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org Subject: Re: [PATCH v2] docs: namespace: Tweak and reword resource control doc On Sat, Apr 19, 2025 at 10:34 PM Bagas Sanjaya <bagasdotme@...il.com> wrote: > > On Sat, Apr 19, 2025 at 11:04:28AM -0400, Joel Savitz wrote: > > -There are a lot of kinds of objects in the kernel that don't have > > -individual limits or that have limits that are ineffective when a set > > -of processes is allowed to switch user ids. With user namespaces > > -enabled in a kernel for people who don't trust their users or their > > -users programs to play nice this problems becomes more acute. > > +The kernel contains many kinds of objects that either don't have > > +individual limits or that have limits which are ineffective when > > +a set of processes is allowed to switch their UID. On a system > > +where there admins don't trust their users or their users' programs, > > +user namespaces expose the system to potential misuse of resources. > > Do you mean "when there are admins who don't trust ..." or "where admins don't > trust ..."? I meant to write "the admins", my bad. > > Confused... > > -- > An old man doll... just what I always wanted! - Clara
Powered by blists - more mailing lists