Re: Could you write some CLONE_NEWUSER?

From: Bryan Donlan
Date: Thu Dec 04 2008 - 15:18:49 EST

Next message: Bartlomiej Zolnierkiewicz: "Re: vanilla kernels hang randomly under Fedora 10 on system with Radeon card"
Previous message: Ondrej Zary: "Random host bus errors with pata_it821x, filesystem corruption"
In reply to: Serge E. Hallyn: "Re: Could you write some CLONE_NEWUSER?"
Next in thread: Serge E. Hallyn: "Re: Could you write some CLONE_NEWUSER?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 4, 2008 at 2:04 PM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
> Quoting Michael Kerrisk (mtk.manpages@xxxxxxxxxxxxxx):
>> Hi Serge,
>>
>> Thanks for CCing me on recent CLONE_NEWUSER patches.
>>
>> Would you be will to write some documentation for this flag? (It's
>> the only remaining undocumented flag in clone(2).) Plain text would
>> be fine -- I'll integrate it into the man page with suitable macros.
>
> Well here is a start. David, writing this actually reminded me that
> the per-user keys still aren't per-namespace. Did you say you were
> looking at that, or should I send a patch (starting at
> security/keys/key.c:key_user_lookup())?
>
> Eric, if you get a second, could you please review?
>
> thanks,
> -serge
>
>
> CLONE_NEWUSER
> Start the child in a new user namespace.
>
> User namespaces are very incomplete. When complete, they
> will implement hierarchical userid namespaces designed to
> be safely used without privilege. User namespaces are
> unnamed, but for the sake of this explanation we will give
> them a single-letter ID. Let us refer to userid 500 in user
> namespace B as (B, 500). Assume a process owned by (B, 500)
> passes CLONE_NEWUSER to clone(2). A new user namespace, C,
> will be created. The new task will be owned by user
> (C, 0). No userid in user namespace C will be able to
> gain more access than (B, 500) could obtain. User (C, 500)
> will be protected from (C, 501) as usual. Files created
> by (C, 501) are owned by both (C, 501) and (B, 500), so
> (B, 500) owns all files created in user namespace C. Likewise
> (B, 500) can kill and ptrace any processes owned by (C, 501).

This is something more of a general question than one about this
manpage, but how will files owned by user namespaces be represented on
the underlying filesystem? Since (C, 501) will be meaningless after a
reboot at the latest, it makes little sense to persist them...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bartlomiej Zolnierkiewicz: "Re: vanilla kernels hang randomly under Fedora 10 on system with Radeon card"
Previous message: Ondrej Zary: "Random host bus errors with pata_it821x, filesystem corruption"
In reply to: Serge E. Hallyn: "Re: Could you write some CLONE_NEWUSER?"
Next in thread: Serge E. Hallyn: "Re: Could you write some CLONE_NEWUSER?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]