* User namespace feature freeze lifted
@ 2015-09-15 17:27 Eric W. Biederman
[not found] ` <87io7bd23x.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: Eric W. Biederman @ 2015-09-15 17:27 UTC (permalink / raw)
To: Linux Containers; +Cc: Seth Forshee, Andy Lutomirski
As of v4.3-rc1 all of the security issues I am aware of with the user
namespace have been addressed. If someone knows of something I have
overlooked please let me know.
As much as humanly possible I want to avoid security bugs in the future
so I will endeavour to ensure any future user namespace patches receive
a close review.
As for merging features I expect I will likley start with Seth's code
for associating superblock with user namespaces, and then move on to
Lukasz's code for figuring out how to add namespace for smack.
Eric
^ permalink raw reply [flat|nested] 5+ messages in thread[parent not found: <87io7bd23x.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>]
* Re: User namespace feature freeze lifted [not found] ` <87io7bd23x.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org> @ 2015-09-15 17:36 ` Serge Hallyn 2015-09-15 18:05 ` Eric W. Biederman 2015-09-15 18:23 ` Seth Forshee 1 sibling, 1 reply; 5+ messages in thread From: Serge Hallyn @ 2015-09-15 17:36 UTC (permalink / raw) To: Eric W. Biederman; +Cc: Seth Forshee, Linux Containers, Andy Lutomirski Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org): > > As of v4.3-rc1 all of the security issues I am aware of with the user > namespace have been addressed. If someone knows of something I have > overlooked please let me know. > > As much as humanly possible I want to avoid security bugs in the future > so I will endeavour to ensure any future user namespace patches receive > a close review. > > As for merging features I expect I will likley start with Seth's code > for associating superblock with user namespaces, and then move on to > Lukasz's code for figuring out how to add namespace for smack. Should there be a User Namespace maintainer? ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: User namespace feature freeze lifted 2015-09-15 17:36 ` Serge Hallyn @ 2015-09-15 18:05 ` Eric W. Biederman [not found] ` <874mivd0ct.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org> 0 siblings, 1 reply; 5+ messages in thread From: Eric W. Biederman @ 2015-09-15 18:05 UTC (permalink / raw) To: Serge Hallyn; +Cc: Seth Forshee, Linux Containers, Andy Lutomirski Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> writes: > Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org): >> >> As of v4.3-rc1 all of the security issues I am aware of with the user >> namespace have been addressed. If someone knows of something I have >> overlooked please let me know. >> >> As much as humanly possible I want to avoid security bugs in the future >> so I will endeavour to ensure any future user namespace patches receive >> a close review. >> >> As for merging features I expect I will likley start with Seth's code >> for associating superblock with user namespaces, and then move on to >> Lukasz's code for figuring out how to add namespace for smack. > > Should there be a User Namespace maintainer? Do you mean documented in maintainers? Last I cheked I am wearing the user namespace maintainer hat. Eric ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <874mivd0ct.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>]
* Re: User namespace feature freeze lifted [not found] ` <874mivd0ct.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org> @ 2015-09-15 18:44 ` Serge E. Hallyn 0 siblings, 0 replies; 5+ messages in thread From: Serge E. Hallyn @ 2015-09-15 18:44 UTC (permalink / raw) To: Eric W. Biederman Cc: Seth Forshee, Linux Containers, Serge Hallyn, Andy Lutomirski On Tue, Sep 15, 2015 at 01:05:38PM -0500, Eric W. Biederman wrote: > Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> writes: > > > Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org): > >> > >> As of v4.3-rc1 all of the security issues I am aware of with the user > >> namespace have been addressed. If someone knows of something I have > >> overlooked please let me know. > >> > >> As much as humanly possible I want to avoid security bugs in the future > >> so I will endeavour to ensure any future user namespace patches receive > >> a close review. > >> > >> As for merging features I expect I will likley start with Seth's code > >> for associating superblock with user namespaces, and then move on to > >> Lukasz's code for figuring out how to add namespace for smack. > > > > Should there be a User Namespace maintainer? > > Do you mean documented in maintainers? Yup, to make sure people know to contact you about patches that affect it. Maybe it's not needed as you're pretty on top of any changes that affect userns. And while we could document kernel/user{,_namespace}.c as affecting it, I don't know how we would describe changes outside of those files that would relate to it. So nm :) > Last I cheked I am wearing > the user namespace maintainer hat. > > Eric > > _______________________________________________ > Containers mailing list > Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org > https://lists.linuxfoundation.org/mailman/listinfo/containers ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: User namespace feature freeze lifted [not found] ` <87io7bd23x.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org> 2015-09-15 17:36 ` Serge Hallyn @ 2015-09-15 18:23 ` Seth Forshee 1 sibling, 0 replies; 5+ messages in thread From: Seth Forshee @ 2015-09-15 18:23 UTC (permalink / raw) To: Eric W. Biederman; +Cc: Linux Containers, Andy Lutomirski On Tue, Sep 15, 2015 at 12:27:46PM -0500, Eric W. Biederman wrote: > > As of v4.3-rc1 all of the security issues I am aware of with the user > namespace have been addressed. If someone knows of something I have > overlooked please let me know. > > As much as humanly possible I want to avoid security bugs in the future > so I will endeavour to ensure any future user namespace patches receive > a close review. > > As for merging features I expect I will likley start with Seth's code > for associating superblock with user namespaces, and then move on to > Lukasz's code for figuring out how to add namespace for smack. As for my patches, I'm in the process of testing after rebasing onto 4.3-rc1. I should be sending an update in the next day or so, though nothing will change except for resolving merge conflicts and fixing that one inadvertent change I introduced in v2. Seth ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-09-15 18:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-15 17:27 User namespace feature freeze lifted Eric W. Biederman
[not found] ` <87io7bd23x.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-09-15 17:36 ` Serge Hallyn
2015-09-15 18:05 ` Eric W. Biederman
[not found] ` <874mivd0ct.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-09-15 18:44 ` Serge E. Hallyn
2015-09-15 18:23 ` Seth Forshee
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox