Re: chroot(2) and bind mounts as non-root

From: Eric W. Biederman
Date: Tue Jan 03 2012 - 18:11:39 EST


Steve Grubb <sgrubb@xxxxxxxxxx> writes:

> On Friday, December 16, 2011 01:14:36 AM Eric W. Biederman wrote:
>> Since except at the edges of userspace we use uids and gids in the
>> initial user namespace, the implications for confusing other security
>> mechanisms are minimized.
>
> Is anyone thinking about how this affects the audit system?

A little.

Today the audit system can only be used from the initial namespaces and
the pids that we use are from the initial pid namespace.

It is my expectation that we can continue the same pattern for uids as
well.

Eric
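The point made above, that the kernel (and therefore audit) works with uids from the initial user namespace while a process inside a user namespace sees translated uids, is easy to get wrong when reading audit records for a containerised process. The following is an added example, not code from this thread or from the kernel: it implements the translation semantics of `/proc/<pid>/uid_map` (lines of `inside outside count`, as documented in user_namespaces(7)) so that a uid reported by audit can be matched against the uid a process saw, and vice versa. It goes slightly beyond the message by also composing the maps of nested user namespaces. The sample map, the helper names and the constructed pids are assumptions made for the example.

```python
"""Translate uids between a user namespace and the initial user namespace.

Added example for the discussion above; not code from the thread.  The kernel
stores initial-namespace ids (kuids) and audit records report those, so an
analyst has to map the uid seen inside a container onto the initial-namespace
uid.  Mapping rules follow the documented /proc/<pid>/uid_map semantics:
each line "inside outside count" maps [inside, inside+count) inside the
namespace onto [outside, outside+count) in the parent namespace.
"""
from typing import List, Optional, Sequence, Tuple

Range = Tuple[int, int, int]  # (inside_start, outside_start, count)

# Constructed sample: a container whose root (uid 0 inside) is uid 100000 on
# the host with 65536 ids, plus a single extra id mapping inside uid 65536 to
# host uid 1000 (e.g. for a bind-mounted home directory).
SAMPLE_UID_MAP = """\
         0     100000      65536
     65536       1000          1
"""


def parse_uid_map(text: str) -> List[Range]:
    """Parse uid_map/gid_map text into (inside, outside, count) triples."""
    ranges: List[Range] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0 or inside < 0 or outside < 0:
            raise ValueError(f"invalid uid_map range: {line!r}")
        ranges.append((inside, outside, count))
    return ranges


def to_parent(ranges: Sequence[Range], inside_uid: int) -> Optional[int]:
    """Map a uid as seen inside the namespace to the parent namespace.

    Returns None when no range covers the uid; the kernel treats such an id
    as invalid (setuid(2) to it fails), so there is no parent-side uid.
    """
    for inside, outside, count in ranges:
        if inside <= inside_uid < inside + count:
            return outside + (inside_uid - inside)
    return None


def from_parent(ranges: Sequence[Range], parent_uid: int) -> Optional[int]:
    """Map a parent-namespace uid (e.g. one from an audit record) inward.

    Returns None when unmapped; inside the namespace the kernel would show
    such an id as the overflow uid (default 65534, "nobody").
    """
    for inside, outside, count in ranges:
        if outside <= parent_uid < outside + count:
            return inside + (parent_uid - outside)
    return None


def to_initial(chain: Sequence[Sequence[Range]], inside_uid: int) -> Optional[int]:
    """Map through nested namespaces, innermost map first, to the initial one.

    Each user namespace's uid_map is expressed in terms of its parent, so the
    initial-namespace uid is obtained by applying the maps outward in turn.
    """
    uid: Optional[int] = inside_uid
    for ranges in chain:
        if uid is None:
            return None
        uid = to_parent(ranges, uid)
    return uid


def read_uid_map(pid: int) -> List[Range]:
    """Read the live uid_map of a process (Linux only; a no-op elsewhere)."""
    # Example usage only; the sample above is used for the offline checks.
    with open(f"/proc/{pid}/uid_map", encoding="ascii") as fh:
        return parse_uid_map(fh.read())


if __name__ == "__main__":
    ranges = parse_uid_map(SAMPLE_UID_MAP)
    # uid 0 inside the container is uid 100000 in the initial namespace
    print("container root ->", to_parent(ranges, 0))
    # audit reports 1000 for the bind-mounted owner; inside that is 65536
    print("audit uid 1000 -> inside", from_parent(ranges, 1000))
```

When correlating an audit event with a process in a container, resolve the namespace chain from the innermost process outward (each `/proc/<pid>/uid_map` is relative to its parent namespace), then compare the result with the `uid=`/`auid=` fields audit recorded; an `auid` set before the namespace was entered is already an initial-namespace value and needs no translation.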