From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: [PATCH 0/6] user namespaces: introduction
Date: Fri, 25 Jul 2008 19:27:00 -0500 [thread overview]
Message-ID: <20080726002700.GA29686@us.ibm.com> (raw)
Following is a set of user namespace patches I've been playing with
this week.
The first two patches are I believe fixes which should go in regardless
of which direction user namespaces take.
The rest of the patches are one approach to providing default cross-userns
isolation for files. Any filesystem can provide its own intelligent
cross-userns userid equivalence checks by defining its own permission
function, which is what Eric and I have been talking about doing.
The next step is probably to handle some of the task-to-task
cross-userns checks.
Comments appreciated.
thanks,
-serge
next reply other threads:[~2008-07-26 0:27 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-26 0:27 Serge E. Hallyn [this message]
[not found] ` <20080726002700.GA29686-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-26 0:27 ` [PATCH 1/6] user namespaces: introduce user_struct->user_namespace relationship Serge E. Hallyn
[not found] ` <20080726002725.GA29874-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-26 2:07 ` [Devel] " Alexey Dobriyan
[not found] ` <20080726020731.GA5115-QDJVlCTZ4KWTKS93B3g+7KFoa47nwP16@public.gmane.org>
2008-07-26 3:31 ` Serge E. Hallyn
2008-07-26 0:27 ` [PATCH 2/6] user namespaces: move user_ns from nsproxy into user struct Serge E. Hallyn
[not found] ` <20080726002735.GB29874-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-28 21:41 ` Eric W. Biederman
[not found] ` <m1k5f5it4i.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-07-29 17:59 ` Serge E. Hallyn
2008-07-26 0:27 ` [PATCH 3/6] user namespaces: rig generic_permission for simple userns check Serge E. Hallyn
2008-07-26 0:27 ` [PATCH 4/6] user namespaces: add user_ns to super block Serge E. Hallyn
[not found] ` <20080726002754.GD29874-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-28 21:53 ` Eric W. Biederman
[not found] ` <m13altislf.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-07-28 22:47 ` Matt Helsley
[not found] ` <1217285230.25300.19.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-07-28 23:03 ` Eric W. Biederman
[not found] ` <m1skttehm6.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-07-29 18:09 ` Serge E. Hallyn
2008-07-29 18:05 ` Serge E. Hallyn
[not found] ` <20080729180515.GB365-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-29 19:22 ` Eric W. Biederman
[not found] ` <m13alscx7e.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-02 0:06 ` Serge E. Hallyn
[not found] ` <20080802000609.GA10211-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-02 1:49 ` Eric W. Biederman
[not found] ` <m1wsj0i3td.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-03 0:37 ` Serge E. Hallyn
2008-07-26 0:28 ` [PATCH 5/6] user namespaces: refuse create in other user_ns Serge E. Hallyn
2008-07-26 0:28 ` [PATCH 6/6] user_namespace: move put_user_ns outside lock Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080726002700.GA29686@us.ibm.com \
--to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.