From: Cedric Le Goater <clg@fr.ibm.com>
To: Arjan van de Ven <arjan@infradead.org>
Cc: linux-kernel@vger.kernel.org, Dave Hansen <haveblue@us.ibm.com>
Subject: Re: [PATCH -mm 0/7] execns syscall and user namespace
Date: Tue, 11 Jul 2006 10:42:23 +0200 [thread overview]
Message-ID: <44B3646F.5030902@fr.ibm.com> (raw)
In-Reply-To: <1152604970.3128.15.camel@laptopd505.fenrus.org>
Arjan van de Ven wrote:
> how does this interact with the unshare() syscall ?
it complements unshare(). The purpose of this syscall is to unshare a
namespace after the process has been flushed.
> can the unshare syscall be rigged up such that you have the same effect?
We need a clean context with no reference in other namespaces to make
unshare safe. It seemed easier to add an improved execve() with an extra
flag than to modify unshare() to make it flush the old exec.
Now, that does not make unshare() useless. It's perfectly acceptable for
uts namespace. But IMO, it's dangerous for ipc namespace and user namespace
which are more complex because they have references all over the place :
network with socket, mm for shmem, files for accounting.
thanks,
C.
next prev parent reply other threads:[~2006-07-11 8:42 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-11 7:50 [PATCH -mm 0/7] execns syscall and user namespace Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 1/7] add execns syscall core routine Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 2/7] add execns syscall to s390 Cedric Le Goater
2006-07-11 13:44 ` Martin Schwidefsky
2006-07-11 13:44 ` Martin Schwidefsky
2006-07-11 14:44 ` Cedric Le Goater
2006-07-11 14:54 ` Martin Schwidefsky
2006-07-11 15:43 ` Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 3/7] add execns syscall to x86_64 Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 4/7] add execns syscall to i386 Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 5/7] add user namespace Cedric Le Goater
2006-07-11 16:39 ` Kirill Korotaev
2006-07-11 17:38 ` Cedric Le Goater
2006-07-12 11:21 ` Kirill Korotaev
2006-07-13 16:01 ` Cedric Le Goater
2006-07-12 3:33 ` Eric W. Biederman
2006-07-12 11:13 ` Kirill Korotaev
2006-07-12 18:10 ` Eric W. Biederman
2006-07-13 17:00 ` Cedric Le Goater
2006-07-13 18:07 ` Eric W. Biederman
2006-07-13 18:21 ` Eric W. Biederman
2006-07-13 18:31 ` Dave Hansen
2006-07-13 18:54 ` Eric W. Biederman
2006-07-12 3:46 ` Eric W. Biederman
2006-07-12 12:05 ` Herbert Poetzl
2006-07-12 17:09 ` Eric W. Biederman
2006-07-12 14:00 ` Cedric Le Goater
2006-07-12 17:24 ` Eric W. Biederman
2006-07-13 17:36 ` Cedric Le Goater
2006-07-13 17:47 ` Serge E. Hallyn
2006-07-13 18:14 ` Eric W. Biederman
2006-07-13 18:29 ` Dave Hansen
2006-07-13 19:02 ` Eric W. Biederman
2006-07-13 20:03 ` Dave Hansen
2006-07-14 3:45 ` Eric W. Biederman
2006-07-14 14:28 ` Dave Hansen
2006-07-14 15:13 ` Eric W. Biederman
2006-07-14 16:29 ` Serge E. Hallyn
2006-07-14 16:49 ` Eric W. Biederman
2006-07-14 16:55 ` Dave Hansen
2006-07-14 17:08 ` Serge E. Hallyn
2006-07-14 17:19 ` Dave Hansen
2006-07-14 17:36 ` Eric W. Biederman
2006-07-14 18:15 ` Trond Myklebust
2006-07-14 18:40 ` Eric W. Biederman
2006-07-14 21:04 ` Trond Myklebust
2006-07-15 4:09 ` Eric W. Biederman
2006-07-15 4:35 ` Kyle Moffett
2006-07-15 12:35 ` Eric W. Biederman
2006-07-15 13:25 ` Kyle Moffett
2006-07-15 15:54 ` Dave Hansen
2006-07-15 17:01 ` Trond Myklebust
2006-07-15 23:29 ` Eric W. Biederman
2006-07-16 16:18 ` Dave Hansen
2006-07-14 17:14 ` Eric W. Biederman
2006-07-16 8:36 ` Kirill Korotaev
2006-07-16 10:08 ` Eric W. Biederman
2006-07-14 17:05 ` Serge E. Hallyn
2006-07-14 17:50 ` Kyle Moffett
2006-07-15 11:33 ` Serge E. Hallyn
2006-07-14 17:56 ` Eric W. Biederman
2006-07-14 16:35 ` Dave Hansen
2006-07-13 21:41 ` Serge E. Hallyn
2006-07-14 3:52 ` Eric W. Biederman
2006-07-14 14:02 ` Serge E. Hallyn
2006-07-14 14:50 ` Eric W. Biederman
2006-07-14 16:39 ` Serge E. Hallyn
2006-07-14 17:18 ` Eric W. Biederman
2006-07-14 17:24 ` Dave Hansen
2006-07-14 18:06 ` Eric W. Biederman
2006-07-14 18:42 ` Dave Hansen
2006-07-14 19:07 ` Eric W. Biederman
2006-07-13 17:59 ` Eric W. Biederman
2006-07-13 21:22 ` Serge E. Hallyn
2006-07-14 3:50 ` Eric W. Biederman
2006-07-14 14:17 ` Serge E. Hallyn
2006-07-14 15:05 ` Eric W. Biederman
2006-07-14 16:46 ` Serge E. Hallyn
2006-07-14 16:58 ` Eric W. Biederman
2006-07-14 15:43 ` Kyle Moffett
2006-07-14 16:13 ` Eric W. Biederman
2006-07-11 7:50 ` [PATCH -mm 6/7] add the user namespace to the execns syscall Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 7/7] forbid the use of the unshare syscall on ipc namespaces Cedric Le Goater
2006-07-11 14:10 ` Kirill Korotaev
2006-07-11 15:06 ` Cedric Le Goater
2006-07-11 8:02 ` [PATCH -mm 0/7] execns syscall and user namespace Arjan van de Ven
2006-07-11 8:42 ` Cedric Le Goater [this message]
2006-07-11 18:12 ` H. Peter Anvin
2006-07-11 18:26 ` Cedric Le Goater
2006-07-11 18:28 ` H. Peter Anvin
2006-07-11 19:50 ` Ulrich Drepper
2006-07-11 21:50 ` Cedric Le Goater
2006-07-11 21:57 ` H. Peter Anvin
2006-07-12 0:16 ` Ulrich Drepper
2006-07-12 0:25 ` H. Peter Anvin
2006-07-12 0:28 ` H. Peter Anvin
2006-07-11 20:22 ` Eric W. Biederman
2006-07-11 21:28 ` Cedric Le Goater
2006-07-12 3:24 ` Eric W. Biederman
2006-07-12 13:05 ` Cedric Le Goater
2006-07-12 16:56 ` Eric W. Biederman
2006-07-13 16:13 ` Cedric Le Goater
2006-07-12 11:11 ` Kirill Korotaev
2006-07-12 13:10 ` Cedric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44B3646F.5030902@fr.ibm.com \
--to=clg@fr.ibm.com \
--cc=arjan@infradead.org \
--cc=haveblue@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox