Re: Current state of CLONE_NEWUSER?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Eric W. Biederman

Subject: Re: Current state of CLONE_NEWUSER?

Date: Wednesday, November 19, 2008 - 6:41 pm

"Michael Kerrisk" <mtk.manpages@googlemail.com> writes:

quoted text> Hi Serge,
>
> What is the current status of CLONE_NEWUSER?  I'm currently trying to
> test this flag in preparation for documenting it in the clone(2) man
> page, but am running into an ENOMEM error from the clone() call, which
> seems to occur after a failure in kobject_init_and_add() in the
> following call sequence:
>
> clone_user_ns() --> alloc_uid() --> uids_user_create() -->
> kobject_init_and_add()
>
> Are there already some test programs somewhere?  Is there any
> documentation already available for this flag?

This code is definitely still under development.

When complete it should be able to create a new uid namespace,
as an unprivileged user.  Creating a new process with uid == gid == 0.
Have a full set of caps.  And have permission to do nothing on the system
except read world readable files and write world writable files.

Eric
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Current state of CLONE_NEWUSER?, Michael Kerrisk, (Wed Nov 19, 1:04 pm)

Re: Current state of CLONE_NEWUSER?, Eric W. Biederman, (Wed Nov 19, 6:41 pm)

Re: Current state of CLONE_NEWUSER?, Michael Kerrisk, (Thu Nov 20, 4:49 am)

Re: Current state of CLONE_NEWUSER?, Eric W. Biederman, (Thu Nov 20, 10:33 am)

Re: Current state of CLONE_NEWUSER?, Serge E. Hallyn, (Fri Nov 21, 8:07 am)

Re: Current state of CLONE_NEWUSER?, Michael Kerrisk, (Tue Nov 25, 8:54 am)


linux-kernel:
Michael Trimarchi	Re: [PATCH] VFS: make file->f_pos access atomic on 32bit arch
Miklos Szeredi	[patch 14/15] vfs: more path_permission() conversions
Serge E. Hallyn	Re: [RFC v5][PATCH 7/8] Infrastructure for shared objects
Bernd Schmidt	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Takashi Iwai	[PATCH 2/2] input: Add LED support to Synaptics device
git:
Junio C Hamano	Re: mingw, windows, crlf/lf, and git
Eyvind Bernhardsen	Re: Where has "git ls-remote" reference pattern matching gone?
Shawn O. Pearce	Re: Switching from CVS to GIT
Todd Zullinger	Re: [PATCH 2/2] send-email: rfc2047-quote subject lines with non-ascii characters
Santi Béjar	Re: How to use git-fmt-merge-msg?
linux-netdev:
Ramkrishna Vepa	[net-2.6 PATCH 1/10] Neterion: New driver: Driver help file
Mark Anthony	invitation / inquiry
Ingo Molnar	Re: [PATCH 08/16] dma-debug: add core checking functions
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Sascha Hauer	[PATCH 03/12] fec: do not typedef struct types
git-commits-head:
Linux Kernel Mailing List	amba: struct device - replace bus_id with dev_name(), dev_set_name()
Linux Kernel Mailing List	MIPS: Yosemite: Convert SMP startup lock to arch spinlock.
Linux Kernel Mailing List	ARM: S5PC100: IRQ and timer
Linux Kernel Mailing List	davinci: edma: clear interrupt status for interrupt enabled channels only
Linux Kernel Mailing List	x86, mm, kprobes: fault.c, simplify notify_page_fault()
openbsd-misc:
Daniel A. Ramaley	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?
Matthias Kilian	Re: can't get vesa @ 1280x800 or nv
Tobias Ulmer	Re: Problem after upgrade 4.5 to 4.6: ERR M
Philip Guenther	Re: SIGCHLD and libpthread.so
J.C. Roberts	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?