From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ram
Subject: Re: [RFC] User CLONE_NEWNS permission and rlimits
Date: Wed, 20 Apr 2005 10:07:46 -0700
Message-ID: <1114016865.4920.142.camel@localhost>
References: <1113961818.4920.90.camel@localhost>
To: Eric Van Hensbergen
Cc: linux-fsdevel@vger.kernel.org, Al Viro
List-Id: linux-fsdevel.vger.kernel.org

On Wed, 2005-04-20 at 05:47, Eric Van Hensbergen wrote:
> On 4/19/05, Ram wrote:
> > On Tue, 2005-04-19 at 18:24, Eric Van Hensbergen wrote:
> > >
> > > Is this sufficient to cover any exposure? What's the correct solution
> > > for the shared sub-trees RFC? Should there be something similar for
> > > user mounts/binds?
> >
> > A new namespace in a shared subtree realm can create
> > number-of-private-namespaces number of mounts or binds depending on
> > the number of binds and mounts in the shared tree.
> >
> > for example if there were 10 shared vfsmounts in the original
> > namespace, a new private namespace will duplicate 10 of these, and
> > any mount or bind attempted in any of these vfsmounts will double the
> > number of mounts and binds.
> >
> > Hence probably you may want to keep a tab on the number of mounts and
> > binds a user does, instead of keeping a tab on the number of namespaces
> > a user creates.
> >
>
> Yeah, that does make a lot more sense, I suppose in the worst case a
> user is guaranteed to not have more namespaces than processes anyways.
> So, should the count of mounts be inclusive of mounts the user
> inherits, or only the ones he creates? I suppose as a resource limit,
> it should probably cover both.

Yes I think it should be both. It should be the sum total of all the
mounts that exist in all the user-created-namespaces. I would not add
"the mounts that propagated to some other namespace because of a mount
in the user's namespace" towards the total, because those mounts are
for some other user/namespace.

RP

>
>         -eric
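The accounting rule discussed in this message, as an added user-space model (not part of the original mail and not kernel code): a user is charged for every mount in the namespaces they own, inherited or created, while copies that propagate into other users' namespaces are charged to those owners. All names (init_model, user_charge, clone_ns, mount_shared, mount_limit) are hypothetical, and the model assumes uid 0 owns the initial namespace and that every mount belongs to a single shared peer group.

```c
#define MAX_NS 8
/* Model only: every mount is shared, so a mount made in one namespace
 * propagates one copy into every other namespace (a single peer group). */
struct ns { int owner; int mounts; };
static struct ns ns_tab[MAX_NS];
static int ns_count, mount_limit;   /* mount_limit: hypothetical per-user cap */

void init_model(int root_mounts, int limit)
{
    ns_tab[0] = (struct ns){ 0, root_mounts };   /* namespace 0: uid 0 */
    ns_count = 1;
    mount_limit = limit;
}

/* Charge = all mounts in namespaces the user owns, inherited or created. */
int user_charge(int uid)
{
    int sum = 0;
    for (int i = 0; i < ns_count; i++)
        sum += (ns_tab[i].owner == uid) ? ns_tab[i].mounts : 0;
    return sum;
}

/* CLONE_NEWNS: the child duplicates the parent's mounts, charged to uid. */
int clone_ns(int uid, int parent)
{
    if (ns_count == MAX_NS ||
        user_charge(uid) + ns_tab[parent].mounts > mount_limit)
        return -1;
    ns_tab[ns_count] = (struct ns){ uid, ns_tab[parent].mounts };
    return ns_count++;
}

/* Mount in namespace id: only the copies landing in the caller's own
 * namespaces are checked against the cap; copies propagated elsewhere are
 * charged to those owners and not enforced here (the thread leaves it open). */
int mount_shared(int id)
{
    int own = 0, uid = ns_tab[id].owner;
    for (int i = 0; i < ns_count; i++)
        own += (ns_tab[i].owner == uid);
    if (user_charge(uid) + own > mount_limit)
        return -1;
    for (int i = 0; i < ns_count; i++)
        ns_tab[i].mounts++;
    return 0;
}

int main(void) { init_model(10, 25); return clone_ns(1, 0) == 1 ? 0 : 1; }
```

With 10 shared mounts and a cap of 25, uid 1 can hold two namespaces but is refused a third clone or a further mount once its charge reaches 24, because one mount now costs it two copies.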