From: Serge Hallyn <serge.hallyn@ubuntu.com>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
linux-man <linux-man@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>,
lkml <linux-kernel@vger.kernel.org>,
Vasily Kulikov <segoon@openwall.com>
Subject: Re: For review: user_namespaces(7) man page
Date: Fri, 15 Mar 2013 10:38:11 -0500
Message-ID: <20130315153811.GD24305@sergelap>
In-Reply-To: <CAKgNAkh1TEkQiQ2g2jhbNzVTwpDYOreJt3rAukZCP9H1wh0mLQ@mail.gmail.com>

Hi,

you mention that after creating a new user namespace you at first have
all capabilities in the new ns. You don't explicitly mention (or I
missed it - I did see the mention of securebits) that if you want to
keep those capabilities after doing an exec, you need to first have
something mapped to uid 0 in the userns, and do setuid(0).

You might not want to list manpages from other projects, but Eric's
shadow patches introduce some good new manpages as well. Those aren't yet
accepted upstream, but if/when they are, then at least a mention of
subuid(5), subgid(5), and newuidmap(1) and newgidmap(1) might be good.

thanks,
-serge
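
The condition described in the message above, as an added example that is not part of the original mail or of the man page under review: a check for whether uid 0 is mapped in a user namespace's uid_map, followed by a small demonstration that unshares, maps uid 0, calls setuid(0) and execs. The names `uid_is_mapped` and `read_map` are hypothetical; the demonstration assumes a kernel that permits unprivileged user namespaces and a `grep` on the PATH.

```c
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000 /* kernel uapi value, in case the libc headers hide it */
#endif

/* uid_map lines read "<inside-start> <outside-start> <length>".
 * Return 1 if `uid`, as seen inside the namespace, falls in any extent. */
int uid_is_mapped(const char *map, unsigned long uid)
{
    unsigned long in, out, len;
    while (map && *map) {
        if (sscanf(map, "%lu %lu %lu", &in, &out, &len) == 3 &&
            uid >= in && uid - in < len)
            return 1;
        map = strchr(map, '\n');
        if (map) map++;
    }
    return 0;
}

/* Read /proc/self/uid_map into buf; empty string when nothing is mapped. */
static const char *read_map(char *buf, size_t n)
{
    FILE *f = fopen("/proc/self/uid_map", "r");
    size_t got = f ? fread(buf, 1, n - 1, f) : 0;
    buf[got] = '\0';
    if (f) fclose(f);
    return buf;
}

int main(void)
{
    char buf[4096];
    unsigned long outer = (unsigned long)geteuid();

    if (syscall(SYS_unshare, CLONE_NEWUSER) != 0) { perror("unshare"); return 1; }
    printf("uid 0 mapped before write: %d\n", uid_is_mapped(read_map(buf, sizeof buf), 0));

    FILE *f = fopen("/proc/self/uid_map", "w"); /* map ns uid 0 to our outer uid */
    if (!f || fprintf(f, "0 %lu 1\n", outer) < 0 || fclose(f) != 0) { perror("uid_map"); return 1; }
    printf("uid 0 mapped after write: %d\n", uid_is_mapped(read_map(buf, sizeof buf), 0));

    if (setuid(0) != 0) { perror("setuid"); return 1; } /* the step the message calls for */
    execlp("grep", "grep", "CapEff", "/proc/self/status", (char *)NULL);
    perror("execlp"); /* reached only if exec failed */
    return 1;
}
```

When the demonstration succeeds, the CapEff line printed by the exec'd grep is non-zero, showing the capabilities survived the exec.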