From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 1/1] RFC: taking a crack at targeted capabilities
Date: Tue, 16 Feb 2010 16:07:12 -0600 [thread overview]
Message-ID: <20100216220712.GA27801@us.ibm.com> (raw)
In-Reply-To: <m1ocjqep25.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> writes:
>
> > Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> >> "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> writes:
> >>
> >> > So i was thinking about how to safely but incrementally introduce
> >> > targeted capabilities - which we decided was a prereq to making VFS
> >> > handle user namespaces - and the following seemed doable. My main
> >> > motivations were (in order):
> >> >
> >> > 1. don't make any unconverted capable() checks unsafe
> >> > 2. minimize performance impact on non-container case
> >> > 3. minimize performance impact on containers
> >>
> >> My motivation is a bit different. I would like to get to the
> >> unprivileged creation of new namespaces. It looks like this gets us
> >> 90% of the way there, with only potential uid confusion issues left.
> >
> > Just a pair of instances of uid comparison are now addressed in
> >
> > http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/sergeh/linux-cr.git;a=shortlog;h=refs/heads/feb13.userns.uid_equivs
> >
> > which has your patch "taking a crack at targeted capabilities" at its
> > core. Talk about your baby steps... But I need to go back and re-read
> > what we'd discussed over the last few years about how we wanted to
> > tag superblocks/mounts->inodes before I go on.
> >
> > Anyway now uid equivalence checks are ns-aware for basic vfs_permission
> > and task kill at least. It's a start.
>
> Thanks for keeping this alive.
>
> I took a quick skim through your patches and things look a little rough
> (you are patching your patches) but it looks like you are wrapping your
Oh! I see what happened. I had two patches sitting on top of my local
master branch, switched to an experimental branch and did the same
patches plus others plus fixes, then rebased on top of my messed-up
local master instead of origin/master. So
"check user namespace for task->file uid equivalence."
shows up twice, once messed-up, and once as just a fix on top of the
messed up one.
Wow.
> head around the ideas pretty well, and the ns_capable etc seem to be working.
> Hooray!
>
> The big idea was that the generic filesystem interface would speak multiple
> uid namespaces, and the generic default would do something simple and pick
> a single namespace for all of the comparisons to be against. Then we would
> have a generic library for filesystem to implement mount options describing
> how they wanted to map uids in different namespaces into what they could
> store on the filesystem.
>
> Eric
prev parent reply other threads:[~2010-02-16 22:07 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-06 6:28 [PATCH 1/1] RFC: taking a crack at targeted capabilities Serge E. Hallyn
[not found] ` <20100106062809.GA17064-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-01-06 15:44 ` Eric W. Biederman
[not found] ` <m13a2j2q7c.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-01-06 17:30 ` Serge E. Hallyn
[not found] ` <20100106173056.GC15784-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-01-06 20:43 ` Eric W. Biederman
2010-01-06 16:56 ` Eric W. Biederman
[not found] ` <m17hrv18ad.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-01-06 17:35 ` Serge E. Hallyn
[not found] ` <20100106173536.GD15784-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-01-06 20:57 ` Eric W. Biederman
2010-01-06 20:17 ` Serge E. Hallyn
[not found] ` <20100106201725.GA24242-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-01-06 21:11 ` Eric W. Biederman
[not found] ` <m1skajszuw.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-01-06 21:57 ` Serge E. Hallyn
[not found] ` <20100106215721.GA5823-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-01-07 0:16 ` Eric W. Biederman
2010-02-15 14:27 ` Matt Helsley
[not found] ` <20100215142746.GD3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-15 16:16 ` Eric W. Biederman
[not found] ` <m13a12bhjq.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-02-15 16:37 ` Matt Helsley
[not found] ` <20100215163708.GG3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-15 16:48 ` Eric W. Biederman
2010-02-15 4:05 ` Serge E. Hallyn
[not found] ` <20100215040529.GA20519-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-15 11:06 ` Eric W. Biederman
[not found] ` <m1ocjqep25.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-02-16 22:07 ` Serge E. Hallyn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100216220712.GA27801@us.ibm.com \
--to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.