* user namespaces config option
@ 2007-08-16 11:40 Pavel Emelyanov
From: Pavel Emelyanov @ 2007-08-16 11:40 UTC
  To: Cedric Le Goater, Serge Hallyn; +Cc: Linux Containers

Hi, Cedric, Serge.

I have noticed that you have removed config options for
uts and ipc namespaces but kept one for user namespace.

What's the policy about what namespaces should have config
option? I thought that the only code that is worth having
under option is clone/destroy one to save .text size for
people who don't need them (embedded).

Thanks,
Pavel


* Re: user namespaces config option
@ 2007-08-16 11:56   ` Serge E. Hallyn
From: Serge E. Hallyn @ 2007-08-16 11:56 UTC
  To: Pavel Emelyanov; +Cc: Linux Containers

Quoting Pavel Emelyanov (xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org):
> Hi, Cedric, Serge.
>
> I have noticed that you have removed config options for
> uts and ipc namespaces but kept one for user namespace.
>
> What's the policy about what namespaces should have config
> option? I thought that the only code that is worth having
> under option is clone/destroy one to save .text size for
> people who don't need them (embedded).

The user namespaces are under a config and marked experimental because
uid-based permission checks do not take namespaces into account and the
root user in a namespace is not at all controlled.  You can handle the
security implications using selinux, but I guess the fear is that people
would assume uid namespaces do more than they currently do.

-serge


* Re: user namespaces config option
@ 2007-08-30 16:44   ` Cedric Le Goater
From: Cedric Le Goater @ 2007-08-30 16:44 UTC
  To: Pavel Emelyanov; +Cc: Linux Containers

Pavel Emelyanov wrote:
> Hi, Cedric, Serge.
> 
> I have noticed that you have removed config options for
> uts and ipc namespaces but kept one for user namespace.
>
> What's the policy about what namespaces should have config
> option? I thought that the only code that is worth having
> under option is clone/destroy one to save .text size for
> people who don't need them (embedded).

Yes, .text size is important for the embedded people, but performance
also. So if perf is not impacted and .text increase is reasonable,
it's interesting to remove the config option and clarify the code
at the same time. This was the case for uts and ipc ns.

User ns is far from complete and should be kept experimental.

C.

