From mboxrd@z Thu Jan 1 00:00:00 1970
From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
Subject: Re: [PATCH 5/5] pid: use namespaced iteration on processes while managing priority
Date: Thu, 18 Dec 2008 10:54:20 -0800
References: <1229618553-6348-1-git-send-email-gowrishankar.m@linux.vnet.ibm.com> <1229618553-6348-6-git-send-email-gowrishankar.m@linux.vnet.ibm.com> <20081218181317.GA14409@us.ibm.com>
In-Reply-To: <20081218181317.GA14409-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> (Serge E. Hallyn's message of "Thu, 18 Dec 2008 12:13:17 -0600")
To: "Serge E. Hallyn"
Cc: Gowrishankar M, Containers, Dave, Sukadev, Balbir

"Serge E. Hallyn" writes:

> The uid check needs to be fixed for user namespaces, agreed. I could
> go either way though on whether we should also restrict to the same
> pidns.

It would be a subtle unexpected semantic change, that we would need to
copy linux-abi and document etc. I'm not convinced it is that useful.

I'm inclined to keep the semantics pure until there is some real
experience from the field on issues like this.

> (note to fix the userns part of this added to my userns queue - first
> I want to finish with keys; then maybe this should be done before
> handling capabilities)

Sounds good. Mentioning the user namespace was just to make it clear
where it should be fixed.

Eric