* Issue with clone() and CLONE_NEWUSER as unprivileged user
@ 2014-08-18  5:35 Marcel Holtmann
  2014-08-21 22:19 ` Andy Lutomirski
  0 siblings, 1 reply; 4+ messages in thread
From: Marcel Holtmann @ 2014-08-18  5:35 UTC (permalink / raw)
  To: LKML

Hi,

I am trying to use clone() and CLONE_NEWUSER for creating a new user namespace as an unprivileged user. I always get an operation not permitted error. However when I used fork() + unshare() as unprivileged user, I can create the new user namespace just fine.

Is there something obvious that I am missing? My understanding is that CLONE_NEWUSER should not require any special capabilities. I tried the sample code from the manpage and also from LWN.net, but both give me the same error.

Regards

Marcel



* Re: Issue with clone() and CLONE_NEWUSER as unprivileged user
  2014-08-18  5:35 Issue with clone() and CLONE_NEWUSER as unprivileged user Marcel Holtmann
@ 2014-08-21 22:19 ` Andy Lutomirski
  2014-08-21 22:26   ` Marcel Holtmann
  0 siblings, 1 reply; 4+ messages in thread
From: Andy Lutomirski @ 2014-08-21 22:19 UTC (permalink / raw)
  To: Marcel Holtmann, LKML; +Cc: Eric W. Biederman

On 08/17/2014 10:35 PM, Marcel Holtmann wrote:
> Hi,
> 
> I am trying to use clone() and CLONE_NEWUSER for creating a new user namespace as an unprivileged user. I always get an operation not permitted error. However when I used fork() + unshare() as unprivileged user, I can create the new user namespace just fine.
> 
> Is there something obvious that I am missing? My understanding is that CLONE_NEWUSER should not require any special capabilities. I tried the sample code from the manpage and also from LWN.net, but both give me the same error.

It works for me on 3.16 and 3.15 but not on 3.15.8-200.fc20.x86_64.  I'm
a bit confused.  What kernel are you using?

--Andy

> 
> Regards
> 
> Marcel
> 



* Re: Issue with clone() and CLONE_NEWUSER as unprivileged user
  2014-08-21 22:19 ` Andy Lutomirski
@ 2014-08-21 22:26   ` Marcel Holtmann
  2014-08-22  0:11     ` Andy Lutomirski
  0 siblings, 1 reply; 4+ messages in thread
From: Marcel Holtmann @ 2014-08-21 22:26 UTC (permalink / raw)
  To: Andy Lutomirski; +Cc: LKML, Eric W. Biederman

Hi Andy,

>> I am trying to use clone() and CLONE_NEWUSER for creating a new user namespace as an unprivileged user. I always get an operation not permitted error. However when I used fork() + unshare() as unprivileged user, I can create the new user namespace just fine.
>> 
>> Is there something obvious that I am missing? My understanding is that CLONE_NEWUSER should not require any special capabilities. I tried the sample code from the manpage and also from LWN.net, but both give me the same error.
> 
> It works for me on 3.16 and 3.15 but not on 3.15.8-200.fc20.x86_64.  I'm
> a bit confused.  What kernel are you using?

I am running 3.15.6-200.fc20.x86_64 actually. What confused me is that fork() + unshare() works fine, but clone() doesn't.

Regards

Marcel



* Re: Issue with clone() and CLONE_NEWUSER as unprivileged user
  2014-08-21 22:26   ` Marcel Holtmann
@ 2014-08-22  0:11     ` Andy Lutomirski
  0 siblings, 0 replies; 4+ messages in thread
From: Andy Lutomirski @ 2014-08-22  0:11 UTC (permalink / raw)
  To: Marcel Holtmann; +Cc: LKML, Eric W. Biederman

On Thu, Aug 21, 2014 at 3:26 PM, Marcel Holtmann <marcel@holtmann.org> wrote:
> Hi Andy,
>
>>> I am trying to use clone() and CLONE_NEWUSER for creating a new user namespace as an unprivileged user. I always get an operation not permitted error. However when I used fork() + unshare() as unprivileged user, I can create the new user namespace just fine.
>>>
>>> Is there something obvious that I am missing? My understanding is that CLONE_NEWUSER should not require any special capabilities. I tried the sample code from the manpage and also from LWN.net, but both give me the same error.
>>
>> It works for me on 3.16 and 3.15 but not on 3.15.8-200.fc20.x86_64.  I'm
>> a bit confused.  What kernel are you using?
>
> I am running 3.15.6-200.fc20.x86_64 actually. What confused me is that fork() + unshare() works fine, but clone() doesn't.

Ok, tracked it down.  This is a Fedora-specific issue.

https://bugzilla.redhat.com/show_bug.cgi?id=917708

--Andy
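
Added example, not code from this thread or from the manpage/LWN samples it mentions: a small C check that tries both paths discussed above, clone() with CLONE_NEWUSER and fork() followed by unshare(CLONE_NEWUSER), and records the errno from each so a kernel that restricts only one path is visible directly. The function names and the `verdict` enum are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum verdict { BOTH_OK, BOTH_DENIED, CLONE_ONLY_DENIED, UNSHARE_ONLY_DENIED };
static int child_fn(void *arg) { (void)arg; return 0; }

/* Path 1: clone(CLONE_NEWUSER). Returns 0 on success, else the errno. */
static int try_clone_newuser(void)
{
    static char stack[64 * 1024] __attribute__((aligned(16)));
    pid_t pid = clone(child_fn, stack + sizeof stack, CLONE_NEWUSER | SIGCHLD, NULL);
    if (pid < 0) return errno;
    waitpid(pid, NULL, 0);
    return 0;
}

/* Path 2: fork(), then unshare(CLONE_NEWUSER) in the child; errno comes back as exit status. */
static int try_fork_unshare(void)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0)
        _exit(unshare(CLONE_NEWUSER) == 0 ? 0 : errno);
    if (waitpid(pid, &status, 0) < 0) return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EINTR;
}

/* Hypothetical helper: turn the two results into one verdict. */
static enum verdict classify(int clone_err, int unshare_err)
{
    if (!clone_err && !unshare_err) return BOTH_OK;
    if (clone_err && unshare_err)   return BOTH_DENIED;
    return clone_err ? CLONE_ONLY_DENIED : UNSHARE_ONLY_DENIED;
}

int main(void)
{
    int c = try_clone_newuser(), u = try_fork_unshare();
    printf("clone(CLONE_NEWUSER): %s\n", c ? strerror(c) : "ok");
    printf("fork()+unshare():     %s\n", u ? strerror(u) : "ok");
    return classify(c, u) == CLONE_ONLY_DENIED; /* 1 = the asymmetry reported in this thread */
}
```

Run it as an unprivileged user; an "Operation not permitted" on the first line with "ok" on the second reproduces the behaviour described in the first message.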

