From: Al Viro
Subject: Re: [RFC] User CLONE_NEWNS permission and rlimits
Date: Wed, 20 Apr 2005 04:20:05 +0100
Message-ID: <20050420032005.GN13052@parcelfarce.linux.theplanet.co.uk>
References: <1113961818.4920.90.camel@localhost>
To: Ritesh Kumar
Cc: Ram, linux-fsdevel@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Tue, Apr 19, 2005 at 11:02:53PM -0400, Ritesh Kumar wrote:
> I am new to the list so please bear with me :-)
>
> I have also been thinking about filesystem namespaces which are
> completely under the user's own control.

How do you deal with su(1) finding /etc/shadow in your namespace and
seeing an entry for root there - with no password?

> I was also thinking of them
> being inherited and changed along the process hierarchy.

We have that already...

> So a given
> process is allowed to change its namespace any way it likes and map it
> to its parent's namespace.

See above.

> More importantly, I was thinking in terms of having this entire
> capability in the userspace itself. Instead of giving all the details
> right here... let me redirect you to the page where I have set up the
> prototype. You should be able to download the sample code (very small)
> and browse through it to get an idea of what I had in mind. I also
> have an article which explains what I was thinking. In essence, I was
> thinking of splitting up the concepts of 1) accessing the filesystem on
> the HDD/device and 2) setting up a namespace for accessing the files
> into two separate concepts and bringing up 2) completely in the
> userspace.
> What do you think?
> I would like to have feedback on the idea.

That your library will leave any suid program seeing hell knows what.
Which gets very unpleasant when you are using it to do something with
your files... That's besides the issues with races when two tasks that
share namespace attempt to change it.

> http://www.cs.unc.edu/~ritesh/projects/perprocessfs.html