Re: [patch 07/10] unprivileged mounts: add sysctl tunable for "safe" property

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Miklos Szeredi <miklos@...>

To: <serue@...>

Cc: <miklos@...>, <akpm@...>, <hch@...>, <serue@...>, <linux-fsdevel@...>, <linux-kernel@...>

Subject: Re: [patch 07/10] unprivileged mounts: add sysctl tunable for "safe" property

Date: Wednesday, February 6, 2008 - 5:11 pm

> > +	t->table[0].mode = 0644;
quoted text> 
> Yikes, this could be a problem for containers, as it's simply tied to
> uid 0, whereas tying it to a capability would let us solve it with
> capability bounds.
> 
> This might mean more urgency to get user namespaces working at least
> with sysfs, else this is a quick way around having CAP_SYS_ADMIN taken
> out of a container's capability bounding set.

I think I understand the problem, but not the solution.  How do user
namespaces going to help?

Maybe sysctls just need to check capabilities, instead of uids.  I
think that would make a lot of sense anyway.

Thanks,
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[patch 07/10] unprivileged mounts: add sysctl tunable for "s..., Miklos Szeredi, (Tue Feb 5, 5:36 pm)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Aneesh Kumar K.V, (Thu Feb 7, 11:33 am)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Miklos Szeredi, (Thu Feb 7, 12:24 pm)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Serge E. Hallyn, (Wed Feb 6, 4:21 pm)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Miklos Szeredi, (Wed Feb 6, 5:11 pm)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Serge E. Hallyn, (Wed Feb 6, 6:45 pm)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Miklos Szeredi, (Thu Feb 7, 4:09 am)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Serge E. Hallyn, (Thu Feb 7, 10:05 am)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Miklos Szeredi, (Thu Feb 7, 10:36 am)

Re: [patch 07/10] unprivileged mounts: add sysctl tunable fo..., Serge E. Hallyn, (Thu Feb 7, 12:57 pm)

Navigation

Popular discussions


linux-kernel:
debian developer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Linus Torvalds	Re: Slow DOWN, please!!!
Tony Lindgren	[PATCH 37/90] ARM: OMAP: MPUIO wake updates
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Alexey Dobriyan	Re: [GIT]: Networking
Dushan Tcholich	Re: ksoftirqd high cpu load on kernels 2.6.24 to 2.6.27-rc1-mm1
openbsd-misc:

Colocation donated by:

Online users

Syndicate