* [PATCH 0/14] user namespaces v2: continue targetting capabilities
@ 2011-07-26 18:58 Serge Hallyn
From: Serge Hallyn @ 2011-07-26 18:58 UTC (permalink / raw)
  To: linux-kernel-u79uwXL29TY76Z2rM5mHXA
  Cc: dhowells-H+wXaHxf7aLQT0dZR+AlfA, netdev-u79uwXL29TY76Z2rM5mHXA,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
	ebiederm-aS9lmoZGLiVWk0Htik3J/w

Hi,

here is a set of patches to continue targeting capabilities
where appropriate.  This set goes about as far as is possible
without making the VFS user namespace aware, meaning that the
VFS can provide a namespaced view of userids, i.e. init_user_ns
sees file owner 500, while child user ns sees file owner 0 or
1000.  (There are a few other things, like siginfos, which can
be addressed before we address the VFS).

With this set applied, you can create and configure veth netdevs
if your user namespace owns your network namespace (and you are
privileged), but not otherwise.

Some simple testcases can be found at
https://code.launchpad.net/~serge-hallyn/+junk/usernstests with
packages at https://launchpad.net/~serge-hallyn/+archive/userns-natty

Feedback very much appreciated.

Changes since v1:
    documentation: incorporate feedback on user_namespaces.txt
    netlink_capable: use sock_net() instead of ifdefs
