| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Dec 2009 13:24:50 -0500 From: Bryan Donlan <bdonlan@...il.com> To: Mark Seaborn <mrs@...hic-beasts.com> Cc: Michael Stone <michael@...top.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, linux-security-module@...r.kernel.org, Andi Kleen <andi@...stfloor.org>, David Lang <david@...g.hm>, Oliver Hartkopp <socketcan@...tkopp.net>, Alan Cox <alan@...rguk.ukuu.org.uk>, Herbert Xu <herbert@...dor.apana.org.au>, Valdis Kletnieks <Valdis.Kletnieks@...edu>, RĂ©mi Denis-Courmont <rdenis@...phalempin.com>, Evgeniy Polyakov <zbr@...emap.net>, "C. Scott Ananian" <cscott@...ott.net>, James Morris <jmorris@...ei.org>, Bernie Innocenti <bernie@...ewiz.org>, Linux Containers <containers@...ts.osdl.org> Subject: Re: Network isolation with RLIMIT_NETWORK, cont'd. On Thu, Dec 17, 2009 at 12:31 PM, Mark Seaborn <mrs@...hic-beasts.com> wrote: > Maybe we could fix (b) by making mount namespaces into first class objects > that can be named through a file descriptor, so that one process can > manipulate another process's namespace without itself being subject to the > namespace. Can this be done using openat() and friends currently? It would seem the natural way to implement this; open /proc/(pid)/root, then openat() things from there (or even chdir to it and see the mounts that it sees from there...) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists