From mboxrd@z Thu Jan  1 00:00:00 1970
From: Serge Hallyn
Subject: Re: Controlling devices and device namespaces
Date: Sun, 16 Sep 2012 08:32:01 -0500
Message-ID: <5055D4D1.3070407@hallyn.com>
In-Reply-To: <87d31mupp3.fsf@xmission.com>
References: <20120913205827.GO7677@google.com>
 <20120914183641.GA2191@cathedrallabs.org>
 <20120915022037.GA6438@mail.hallyn.com>
 <87wqzv7i08.fsf_-_@xmission.com>
 <20120915220520.GA11364@mail.hallyn.com>
 <87y5kazuez.fsf@xmission.com>
 <20120916122112.3f16178d@pyramind.ukuu.org.uk>
 <87sjaiuqp5.fsf@xmission.com>
 <87d31mupp3.fsf@xmission.com>
To: "Eric W. Biederman"
Cc: Aristeu Rozanski, Neil Horman,
 containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
 linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Michal Hocko,
 Tejun Heo, cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
 Paul Mackerras, "Aneesh Kumar K.V", Arnaldo Carvalho de Melo,
 Johannes Weiner, Thomas Graf, "Serge E. Hallyn", Paul Turner,
 Ingo Molnar, Alan Cox
List-Id: containers.vger.kernel.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit

On 09/16/2012 07:17 AM, Eric W. Biederman wrote:
> ebiederm@xmission.com (Eric W. Biederman) writes:
>
>> Alan Cox writes:
>>
>>>> One piece of the puzzle is that we should be able to allow unprivileged
>>>> device node creation and access for any device on any filesystem
>>>> for which unprivileged access is safe.
>>>
>>> Which devices are "safe" is policy for all interesting and useful cases,
>>> as are file permissions, security tags, chroot considerations and the
>>> like.
>>>
>>> It's a complete non-starter.
>
> Come to think of it mknod is completely unnecessary.
>
> Without mknod.  Without being able to mount filesystems containing
> device nodes.

Hm?  That sounds like it will really upset init/udev/upgrades in the
container.  Are you saying all filesystems containing device nodes will
need to be mounted in advance by the process setting up the container?

> The mount namespace is sufficient to prevent all of the
> cases that the device control group prevents (open and mknod on device
> nodes).
>
> So I honestly think the device control group is superfluous, and it is
> probably wise to deprecate it and move to a model where it does not
> exist.
>
> Eric
>

That's what I said a few emails ago :)

The device cgroup was meant as a short-term workaround for lack of user
(and device) namespaces.
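The "without mknod" half of the argument above can be checked directly. The following probe is an added example and not code from the thread or from the kernel: it forks, has the child enter a fresh user namespace with unshare(CLONE_NEWUSER), and then tries to mknod a character device (the 1:3 numbers of /dev/null) on /tmp. The kernel checks CAP_MKNOD for device nodes against the user namespace that owns the filesystem, which a freshly created user namespace never has for an ordinary host mount, so the expected outcome is EPERM; the process's remaining access to devices is then entirely a question of which device nodes the mount namespace exposes. The function and enum names are this example's own, it assumes Linux with a writable /tmp, and where the environment refuses unshare(CLONE_NEWUSER) (sysctl or seccomp) it reports that rather than guessing.

```c
/* Added example (not from the thread): probe whether a process that has
 * entered a new user namespace can still mknod a character device. Linux
 * only; assumes a kernel with user namespaces and a writable /tmp. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result {
    PROBE_DENIED = 0,     /* mknod failed with EPERM: the expected outcome */
    PROBE_NO_USERNS = 1,  /* unshare(CLONE_NEWUSER) refused here; nothing learned */
    PROBE_ALLOWED = 2,    /* a device node was created inside the new userns */
    PROBE_OTHER = 3       /* fork, waitpid or mknod failed for an unrelated reason */
};

/* Child side: drop into a fresh user namespace, then try to create a
 * char device with the major:minor of /dev/null (1:3). CAP_MKNOD for a
 * device node is checked against the user namespace that owns the
 * filesystem, which the new namespace does not have, so EPERM is expected. */
static int try_mknod_in_new_userns(const char *path)
{
    if (unshare(CLONE_NEWUSER) != 0)
        return PROBE_NO_USERNS;
    if (mknod(path, S_IFCHR | 0600, makedev(1, 3)) == 0) {
        unlink(path);                 /* clean up the unexpected node */
        return PROBE_ALLOWED;
    }
    return errno == EPERM ? PROBE_DENIED : PROBE_OTHER;
}

/* Parent side: fork so the caller stays in its own namespaces, and report
 * the child's verdict as an enum probe_result. */
int probe_mknod_in_new_userns(void)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/devns-probe-%ld", (long)getpid());

    pid_t pid = fork();
    if (pid < 0)
        return PROBE_OTHER;
    if (pid == 0)
        _exit(try_mknod_in_new_userns(path));

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return PROBE_OTHER;
    return WEXITSTATUS(status);
}

int main(void)
{
    static const char *names[] = {
        "denied (EPERM): mknod of a device node is blocked in the new userns",
        "skipped: this environment does not allow unshare(CLONE_NEWUSER)",
        "ALLOWED: device node created; this is not what the thread expects",
        "other error: fork, waitpid or mknod failed for an unrelated reason"
    };
    int r = probe_mknod_in_new_userns();
    printf("%s\n", names[r]);
    return r == PROBE_ALLOWED;
}
```

On a stock distribution with unprivileged user namespaces enabled, the probe prints the "denied" line whether it is started as root or as an ordinary user: root's CAP_MKNOD in the initial namespace does not carry into the new one. The probe deliberately does not touch the mount side of the argument (nodev mounts, pre-populating /dev), since that needs mount privilege and is exactly the part of the setup this reply is asking about.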