Linux Container Development
From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Lukasz Pawelczyk <l.pawelczyk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
Cc: Vladimir Davydov
	<vdavydov-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>,
	Miklos Szeredi <mszeredi-AlSwsSmVLrQ@public.gmane.org>,
	Lukasz Pawelczyk <havner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Mark Rustad
	<mark.d.rustad-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
	Matthew Dempsky
	<mdempsky-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
	Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>,
	Daeseok Youn
	<daeseok.youn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Jeff Kirsher
	<jeffrey.t.kirsher-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
	David Rientjes <rientjes-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Alex Thorlton <athorlton-sJ/iWh9BUns@public.gmane.org>,
	Juri Lelli <juri.lelli-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
	Nikolay Aleksandrov
	<nikolay-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Dario Faggioli <raistlin-k2GhghHVRtY@public.gmane.org>,
	Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
	James Morris
	<james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
	"open list:ABI/API"
	<linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
	Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Paul Moore <pmoore@red>
Subject: Re: [RFC] lsm: namespace hooks
Date: Thu, 27 Nov 2014 09:42:33 -0600
Message-ID: <87d288zm3a.fsf@x220.int.ebiederm.org>
In-Reply-To: <1417101060.1805.21.camel-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org> (Lukasz Pawelczyk's message of "Thu, 27 Nov 2014 16:11:00 +0100")

Lukasz Pawelczyk <l.pawelczyk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org> writes:

> On Thu, 2014-11-27 at 16:01 +0100, Richard Weinberger wrote:
>> On 27.11.2014 at 15:44, Lukasz Pawelczyk wrote:
>> > True, the last one is 0x80000000. I did not notice that. Thanks for
>> > pointing out.
>> 
>> Isn't this CLONE_IO?
>
> Yes, I was merely noticing out loud that it's the last bit of 32bit.
>
> After a close look, though, 0x00001000 appears to be unused.
>
>> > Any suggestion on what can be done here? New syscall with flags2?
>> 
>> I'm not sure. But a new syscall would be a candidate.

We are probably going to need to go a couple rounds with this but at
first approximation I think this functionality needs to be tied to the
user namespace.  This functionality already looks half tied to it.

When mounting filesystems with user namespaces privileges matures a
little more you should be able to use unmapped labels.  In the near term
we are looking at filesystems such as tmpfs, fuse and possibly extN.

Eric
