Linux Container Development
From: Andrew Morton <akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
	David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	xemul-3ImXcnM4P+0@public.gmane.org
Subject: Re: [PATCH 1/6] user namespace : add the framework
Date: Sun, 15 Jul 2007 18:31:32 -0700	[thread overview]
Message-ID: <20070715183132.e31a2064.akpm@linux-foundation.org> (raw)
In-Reply-To: <20070604194024.GA21703-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>

On Mon, 4 Jun 2007 14:40:24 -0500 "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> wrote:

> Add the user namespace struct and framework
> 
> Basically, it will allow a process to unshare its user_struct table, resetting
> at the same time its own user_struct and all the associated accounting.
> 
> A new root user (uid == 0) is added to the user namespace upon creation.  Such
> root users have full privileges and it seems that these privileges should be
> controlled through some means (process capabilities?)

The whole magical-uid-0-user thing in this patch seems just wrong to
me.

I'll merge it anyway, mainly because I want to merge _something_ (why oh
why do the git-tree guys leave everything to the last minute?) but it strikes
me that there's something fundamentally wrong whenever the kernel starts
"knowing" about the significance of UIDs in this fashion.

It worries me.
