Open Source and information security mailing list archives
 
Message-ID: <87ecperpid.fsf@email.froward.int.ebiederm.org>
Date: Mon, 01 Dec 2025 13:06:02 -0600
From: "Eric W. Biederman" <ebiederm@...ssion.com>
To: Christian Brauner <brauner@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
 linux-fsdevel@...r.kernel.org,  linux-kernel@...r.kernel.org,
 Linux Containers <containers@...ts.linux.dev> 
Subject: Re: [GIT PULL 05/17 for v6.19] namespaces

Christian Brauner <brauner@...nel.org> writes:

> Hey Linus,
>
> /* Summary */
> This contains substantial namespace infrastructure changes including a new
> system call, active reference counting, and extensive header cleanups.
> The branch depends on the shared kbuild branch for -fms-extensions
> support.

I am missing something.  From the description it looks like
you are making nested containers impossible once this feature
is adopted.  Because the container will be able to see all of
the other namespaces and thus to see outside of its own namespace.

The reason such a system call has not been introduced in the past
is because it introduces the namespace of namespace problem.

How have you solved the namespace of namespaces problem?

If you want nesting of containers the listing of namespaces very
much must be incomplete.

I haven't reviewed or looked at the code yet because
the code was not posted in any of the usual places for container
development, nor was I copied.

Can you please describe how you are avoiding the namespace of namespaces
problem?


Eric
