From: Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>
To: Kenton Varda <kenton-AuYgBwuPrUQTaNkGU808tA@public.gmane.org>
Cc: Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
	Serge Hallyn
	<serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
	Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
	Seth Forshee
	<seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
	"Eric W. Biederman"
	<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
	Greg Kroah-Hartman
	<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
	Linux FS Devel
	<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	Michael Kerrisk-manpages
	<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: Re: [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2)
Date: Thu, 28 May 2015 23:12:09 +0200
Message-ID: <556784A9.10809@nod.at>
In-Reply-To: <CAOP=4wiAA4SqvMn_rQJHOjg6M-75bi_G9Fx8ENgVnYdkT5WVQA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On 28.05.2015 at 23:07, Kenton Varda wrote:
> On Thu, May 28, 2015 at 1:47 PM, Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org> wrote:
>> On 28.05.2015 at 22:12, Kenton Varda wrote:
>>> We never mount sysfs in Sandstorm.
>>
>> sysfs is ABI and applications depend on it.
>> Even glibc is using sysfs. Currently it has
>> fallback paths but these may go away...
> 
> Off-topic, but Sandstorm isn't intended to provide a full Linux ABI.
> It is intended to provide a secure sandbox that can run apps that have
> been explicitly ported to Sandstorm. More background if you're interested:

Ahh, the application needs to be Sandstorm-aware.
I was missing that detail. Thanks for pointing that out!

Thanks,
//richard

