From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jamie Lokier <jamie@shareable.org>
Subject: Re: [RFC][2.6 patch] Allow creation of new namespaces during mount system call
Date: Thu, 21 Apr 2005 19:44:56 +0100
Message-ID: <20050421184455.GA7301@mail.shareable.org>
References: <a4e6962a05041915132f57de3f@mail.gmail.com> <20050419222324.GM13052@parcelfarce.linux.theplanet.co.uk> <a4e6962a0504191653f6848a6@mail.gmail.com> <20050420033304.GO13052@parcelfarce.linux.theplanet.co.uk> <20050420094558.GB10167@mail.shareable.org> <20050420124829.GB23518@vagabond> <20050420221358.GC21150@mail.shareable.org> <20050421100901.GB6197@vagabond>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>,
	Eric Van Hensbergen <ericvh@gmail.com>,
	linux-fsdevel@vger.kernel.org
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail.shareable.org ([81.29.64.88]:39589 "EHLO
	mail.shareable.org") by vger.kernel.org with ESMTP id S261733AbVDUSpS
	(ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 21 Apr 2005 14:45:18 -0400
To: Jan Hudec <bulb@ucw.cz>
Content-Disposition: inline
In-Reply-To: <20050421100901.GB6197@vagabond>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Jan Hudec wrote:
> By the way, IIRC so far the root can access all kernel memory too via
> /dev/kmem. So the limiting of root's rights would have to be limited
> a bit more yet.

On some hardened systems, root is not allowed access to /dev/kmem.

-- Jamie