* User namespace feature freeze lifted
From: Eric W. Biederman @ 2015-09-15 17:27 UTC
To: Linux Containers; +Cc: Seth Forshee, Andy Lutomirski
As of v4.3-rc1 all of the security issues I am aware of with the user
namespace have been addressed. If someone knows of something I have
overlooked please let me know.

As much as humanly possible I want to avoid security bugs in the future
so I will endeavour to ensure any future user namespace patches receive
a close review.

As for merging features I expect I will likely start with Seth's code
for associating superblock with user namespaces, and then move on to
Lukasz's code for figuring out how to add namespace for smack.

Eric
* Re: User namespace feature freeze lifted
From: Serge Hallyn @ 2015-09-15 17:36 UTC
To: Eric W. Biederman; +Cc: Seth Forshee, Linux Containers, Andy Lutomirski
Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
>
> As of v4.3-rc1 all of the security issues I am aware of with the user
> namespace have been addressed. If someone knows of something I have
> overlooked please let me know.
>
> As much as humanly possible I want to avoid security bugs in the future
> so I will endeavour to ensure any future user namespace patches receive
> a close review.
>
> As for merging features I expect I will likely start with Seth's code
> for associating superblock with user namespaces, and then move on to
> Lukasz's code for figuring out how to add namespace for smack.
Should there be a User Namespace maintainer?
* Re: User namespace feature freeze lifted
From: Eric W. Biederman @ 2015-09-15 18:05 UTC
To: Serge Hallyn; +Cc: Seth Forshee, Linux Containers, Andy Lutomirski
Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> writes:
> Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
>>
>> As of v4.3-rc1 all of the security issues I am aware of with the user
>> namespace have been addressed. If someone knows of something I have
>> overlooked please let me know.
>>
>> As much as humanly possible I want to avoid security bugs in the future
>> so I will endeavour to ensure any future user namespace patches receive
>> a close review.
>>
>> As for merging features I expect I will likely start with Seth's code
>> for associating superblock with user namespaces, and then move on to
>> Lukasz's code for figuring out how to add namespace for smack.
>
> Should there be a User Namespace maintainer?
Do you mean documented in maintainers? Last I checked I am wearing
the user namespace maintainer hat.
Eric
* Re: User namespace feature freeze lifted
From: Seth Forshee @ 2015-09-15 18:23 UTC
To: Eric W. Biederman; +Cc: Linux Containers, Andy Lutomirski
On Tue, Sep 15, 2015 at 12:27:46PM -0500, Eric W. Biederman wrote:
>
> As of v4.3-rc1 all of the security issues I am aware of with the user
> namespace have been addressed. If someone knows of something I have
> overlooked please let me know.
>
> As much as humanly possible I want to avoid security bugs in the future
> so I will endeavour to ensure any future user namespace patches receive
> a close review.
>
> As for merging features I expect I will likely start with Seth's code
> for associating superblock with user namespaces, and then move on to
> Lukasz's code for figuring out how to add namespace for smack.
As for my patches, I'm in the process of testing after rebasing onto
4.3-rc1. I should be sending an update in the next day or so, though
nothing will change except for resolving merge conflicts and fixing
that one inadvertent change I introduced in v2.
Seth
* Re: User namespace feature freeze lifted
From: Serge E. Hallyn @ 2015-09-15 18:44 UTC
To: Eric W. Biederman
Cc: Seth Forshee, Linux Containers, Serge Hallyn, Andy Lutomirski
On Tue, Sep 15, 2015 at 01:05:38PM -0500, Eric W. Biederman wrote:
> Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> writes:
>
> > Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> >>
> >> As of v4.3-rc1 all of the security issues I am aware of with the user
> >> namespace have been addressed. If someone knows of something I have
> >> overlooked please let me know.
> >>
> >> As much as humanly possible I want to avoid security bugs in the future
> >> so I will endeavour to ensure any future user namespace patches receive
> >> a close review.
> >>
> >> As for merging features I expect I will likely start with Seth's code
> >> for associating superblock with user namespaces, and then move on to
> >> Lukasz's code for figuring out how to add namespace for smack.
> >
> > Should there be a User Namespace maintainer?
>
> Do you mean documented in maintainers?
Yup, to make sure people know to contact you about patches that affect
it.

Maybe it's not needed as you're pretty on top of any changes that affect
userns. And while we could document kernel/user{,_namespace}.c as affecting
it, I don't know how we would describe changes outside of those files that
would relate to it.

So nm :)
> Last I checked I am wearing
> the user namespace maintainer hat.
>
> Eric
>