Subject: Re: [PATCH v2 00/10] userns: sysctl limits for namespaces
To: "Eric W. Biederman", Linux Containers
References: <8737n5dscy.fsf@x220.int.ebiederm.org> <87d1m754jc.fsf@x220.int.ebiederm.org>
Cc: mtk.manpages@gmail.com, Andy Lutomirski, Jann Horn, Kees Cook, Nikolay Borisov, "Serge E. Hallyn", Seth Forshee, linux-fsdevel@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org
From: "Michael Kerrisk (man-pages)"
Message-ID: <6be70177-a81d-7ed8-d2c9-a596d4d6a165@gmail.com>
Date: Tue, 26 Jul 2016 12:30:10 +0200
In-Reply-To: <87d1m754jc.fsf@x220.int.ebiederm.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello Eric,

I realized I had a question after the last mail.

On 07/21/2016 06:39 PM, Eric W. Biederman wrote:
>
> This patchset addresses two use cases:
> - Implement a sane upper bound on the number of namespaces.
> - Provide a way for sandboxes to limit the attack surface from
>   namespaces.

Can you say more about the second point? What exactly is the problem
that is being addressed, and how does the patch series address it?
(It would be good to have those details in the revised commit
message...)

Cheers,

Michael