Message-ID: <m1mxyvtwt0.fsf@fess.ebiederm.org>
Date: Fri, 26 Feb 2010 15:13:47 -0800
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Oren Laadan <orenl@...columbia.edu>
Cc: Pavel Emelyanov <xemul@...allels.com>,
Ben Greear <greearb@...delatech.com>,
Linux Netdev List <netdev@...r.kernel.org>,
containers@...ts.linux-foundation.org,
Netfilter Development Mailinglist
<netfilter-devel@...r.kernel.org>,
Daniel Lezcano <dlezcano@...ibm.com>
Subject: Re: [RFC][PATCH] ns: Syscalls for better namespace sharing control.

Oren Laadan <orenl@...columbia.edu> writes:

> Can't think of a specific scenario, but I wonder if there would
> be a problem (security or otherwise) with a process that only
> partly belongs to a container, even if for a short time?

If we can find an instance of that then there are fundamental problems
with setns.

The driving use case right now is for things like network namespaces where
userspace really wants to have several at once, and wants to be able to
control them all.

Eric