From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Serge E. Hallyn" Subject: Re: [PATCHv3 0/2] capability controlled user-namespaces Date: Mon, 8 Jan 2018 00:24:52 -0600 Message-ID: <20180108062452.GA21717@mail.hallyn.com> References: <20171205223052.12687-1-mahesh@bandewar.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: James Morris Cc: Mahesh Bandewar =?utf-8?B?KOCkruCkueClh+CktiDgpKzgpILgpKHgpYfgpLXgpL4=?= =?utf-8?B?4KSwKQ==?= , LKML , Netdev , Kernel-hardening , Linux API , Kees Cook , Serge Hallyn , "Eric W . Biederman" , Eric Dumazet , David Miller , Mahesh Bandewar List-Id: linux-api@vger.kernel.org On Mon, Jan 08, 2018 at 11:35:26AM +1100, James Morris wrote: > On Tue, 2 Jan 2018, Mahesh Bandewar (महेश बंडेवार) wrote: > > > On Sat, Dec 30, 2017 at 12:31 AM, James Morris > > wrote: > > > On Wed, 27 Dec 2017, Mahesh Bandewar (महेश बंडेवार) wrote: > > > > > >> Hello James, > > >> > > >> Seems like I missed your name to be added into the review of this > > >> patch series. Would you be willing be pull this into the security > > >> tree? Serge Hallyn has already ACKed it. > > > > > > Sure! > > > > > Thank you James. > > I'd like to see what Eric Biederman thinks of this. > > Also, why do we need the concept of a controlled user-ns at all, if the > default whitelist maintains existing behavior? In past discussions two uses have been brought up: 1. if an 0-day is discovered which is exacerbated by a specific privilege in user namespaces, that privilege could be turned off until a reboot with a fixed kernel is scheduled, without fully disabling all containers. 2. some systems may be specifically designed to run software which only requires a few capabilities in a userns. In that case all others could be disabled.