| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48E37637.8080408@fr.ibm.com> Date: Wed, 01 Oct 2008 15:08:07 +0200 From: Cedric Le Goater <clg@...ibm.com> To: Pavel Emelyanov <xemul@...nvz.org> CC: Daniel Lezcano <dlezcano@...ibm.com>, Denis Lunev <den@...nvz.org>, netdev@...r.kernel.org, containers@...ts.linux-foundation.org, ebiederm@...ssion.com, benjamin.thery@...l.net Subject: Re: [PATCH net-next] [RFC] netns: enable cross-ve Unix sockets Pavel Emelyanov wrote: > Daniel Lezcano wrote: >> Pavel Emelyanov wrote: >>>> So there are 2 cases: >>>> * full isolation : restriction on VPS >>>> * partial isolation : no restriction but *perhaps* problem when migrating >>>> >>>> Looks like we need an option per namespace to reduce the isolation for >>>> af_unix sockets :) >>>> - on (default): current behaviour => full isolation >>>> - off : partial isolation >>> You mean some sysctl, that enables/disables this check in unix_find_socket_byinode? >> Yes. > > OK. Den, please, do :) hmm, would that allow sibling namespaces to connect to each other ? If so, I'm not in favor of such a solution. I understand the need. we had a similar issue with the command line tool pgsl. Could we work something out with the capabilities ? or make an exception if your ->nsproxy->net_ns == init_net ? Thanks, C. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists