lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251203-aussaat-anreden-1df55ee85463@brauner>
Date: Wed, 3 Dec 2025 11:07:37 +0100
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, 
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Linux Containers <containers@...ts.linux.dev>
Subject: Re: [GIT PULL 05/17 for v6.19] namespaces

On Tue, Dec 02, 2025 at 09:00:57AM -0800, Linus Torvalds wrote:
> On Mon, 1 Dec 2025 at 11:06, Eric W. Biederman <ebiederm@...ssion.com> wrote:
> >
> > The reason such as system call has not been introduced in the past
> > is because it introduces the namespace of namespace problem.
> >
> > How have you solved the namespace of namespaces problem?
> 
> So I think Christian would be better at answering this, but to a first
> approximation I think the explanation from commit 76b6f5dfb3fd
> ("nstree: add listns()") gives some high-level rules:

After last year's round I've caught another lung infection so I'm a bit
incapacitated and not working. Visibility is currently based on the user
namespace. It's possible to list all namespaces that are owned by a
given user namespaces. So a caller in an unprivileged container is only
able to list namespaces that they directly own or namespaces owned by
descendant namespaces. That's tracked in the namespace tree. The
self-tests verify this as well. So it is not possible to break out of
that hierarchy. As this is expressily an introspection system call it
allows to list sibling namespaces owned by the same user namespace ofc
as its tailored for container managers. This will be used in
high-privileged container managers and in systemd for service
supervision so if there's any concerns that the current standard access
regulation and seccomp() isn't enough I'm more than happy to require
global CAP_SYS_ADMIN.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ