| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251213050639.735940-1-danilklishch@gmail.com> Date: Sat, 13 Dec 2025 00:06:38 -0500 From: Dan Klishch <danilklishch@...il.com> To: legion@...nel.org, linux-kernel@...r.kernel.org Cc: ebiederm@...ssion.com, viro@...iv.linux.org.uk, keescook@...omium.org, containers@...ts.linux-foundation.org, linux-fsdevel@...r.kernel.org, Dan Klishch <danilklishch@...il.com> Subject: Re: [RESEND PATCH v6 0/5] proc: subset=pid: Relax check of mount visibility Hello Alexey, Would it be possible to revive this patch series? I wanted to add an additional downstream use case that would benefit from this work. In particular, I am trying to run the sandbox sunwalker-box [1] without root privileges and/or inside a container. The sandbox aims to prevent cross-run communication via side channels, and PID allocation is one such channel. Therefore, it creates a new PID namespace and mounts the corresponding procfs instance inside of the sandbox. This currently works without a real root when procfs is fully accessible, but obviously fails otherwise. Thanks, Dan Klishch [1] https://github.com/purplesyringa/sunwalker-box/
Powered by blists - more mailing lists