Re: [PATCH -mm 5/7] add user namespace

From: Dave Hansen
Date: Fri Jul 14 2006 - 12:34:09 EST

Next message: Serge E. Hallyn: "Re: [PATCH -mm 5/7] add user namespace"
Previous message: Chris Wedgwood: "Re: [PATCH] Add SATA device to VIA IRQ quirk fixup list"
In reply to: Eric W. Biederman: "Re: [PATCH -mm 5/7] add user namespace"
Next in thread: Serge E. Hallyn: "Re: [PATCH -mm 5/7] add user namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2006-07-14 at 09:13 -0600, Eric W. Biederman wrote:
> Already mentioned but. rw permissions on sensitive files are for
> uid == 0. No capability checks are performed.

I'd also like to point out that we can do this whole process very
incrementally. If we want, we can start out with all containers
chroot'd into a filesystem namespace which uses read-only bind mounts
and doesn't allow any write access to the underlying filesystem.

As we introduce the capability checks, we can start to actually
cooperatively share more data.

-- Dave

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Serge E. Hallyn: "Re: [PATCH -mm 5/7] add user namespace"
Previous message: Chris Wedgwood: "Re: [PATCH] Add SATA device to VIA IRQ quirk fixup list"
In reply to: Eric W. Biederman: "Re: [PATCH -mm 5/7] add user namespace"
Next in thread: Serge E. Hallyn: "Re: [PATCH -mm 5/7] add user namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]