From: Eric Van Hensbergen <ericvh@gmail.com>
To: Jamie Lokier <jamie@shareable.org>
Cc: Ram <linuxram@us.ibm.com>, Miklos Szeredi <miklos@szeredi.hu>,
7eggert@gmx.de, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, smfrench@austin.rr.com,
hch@infradead.org
Subject: Re: [RCF] [PATCH] unprivileged mount/umount
Date: Thu, 12 May 2005 08:23:18 -0500 [thread overview]
Message-ID: <a4e6962a0505120623645c0947@mail.gmail.com> (raw)
In-Reply-To: <20050512064514.GA12315@mail.shareable.org>
On 5/12/05, Jamie Lokier <jamie@shareable.org> wrote:
> Eric Van Hensbergen wrote:
> > On 5/11/05, Jamie Lokier <jamie@shareable.org> wrote:
> > > Please read carefully: I've described what _current_ kernels do.
> > >
> >
> > I guess I misread when you wrote:
>
> There are some things which you can't do with current kernels due to
> the checks against current->namespace. I'm not sure how important
> those checks are. And there are some things which you _can_ do, such
> as passing directory file descriptors among processes which are in
> different namespaces.
>
I'm not sure passing directory file descriptors is the right semantic
we want - but at least it provides a point of explicit control (in
much the same way as a bind). Are you sure the clone + open("/") +
pass-to-parent scenario you allows the parent to traverse the child's
private name space through that fd? That seems as bad as accessing
pid name space via the /proc file system.
In Plan 9, file descriptors are passed between name spaces, but the
only use of such a facility (described in fork(2) [plan9man]) is to
pass channels to file servers which can then be mounted in a blank
name space. exportfs(4)[plan9man] seems to provide a much nicer
semantic for this sort of name space sharing.
Let's focus on baby steps first, and to me that's:
a) get rid of holes that allow users to traverse out of a chroot jail
by using the creation of private name spaces (is anyone working on
this, did I miss a patch?)
b) make CLONE_NEWNS (and any other name space creation mechanisms such
as the proposed unshare system call) available to normal users
c) Get the unshare system call adopted as it seems to be generally useful
d) Get Miklos' unprivileged mount/umount patch adopted in mainline
These 4 things open up lots of opportunities and alternatives, if they
prove to be insufficient then we can press forward on name spaces as
first class objects, etc.
-eric
[plan9man] Plan 9 manual pages are available at
http://plan9.bell-labs.com/sys/man/index.html
next prev parent reply other threads:[~2005-05-12 13:23 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <406SQ-5P9-5@gated-at.bofh.it>
[not found] ` <40rNB-6p8-3@gated-at.bofh.it>
[not found] ` <40t37-7ol-5@gated-at.bofh.it>
[not found] ` <42VeB-8hG-3@gated-at.bofh.it>
[not found] ` <42WNo-1eJ-17@gated-at.bofh.it>
2005-05-11 16:41 ` [RCF] [PATCH] unprivileged mount/umount Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-05-11 17:07 ` Jamie Lokier
2005-05-11 18:49 ` Miklos Szeredi
2005-05-11 19:05 ` serue
2005-05-11 19:46 ` Bodo Eggert
2005-05-11 20:40 ` Miklos Szeredi
2005-05-11 21:11 ` Jamie Lokier
2005-05-12 3:05 ` serue
2005-05-11 19:35 ` Ram
2005-05-11 20:31 ` Miklos Szeredi
2005-05-11 21:28 ` Jamie Lokier
2005-05-11 22:42 ` Ram
2005-05-11 22:58 ` Eric Van Hensbergen
2005-05-12 1:02 ` Jamie Lokier
2005-05-12 2:18 ` Eric Van Hensbergen
2005-05-12 6:45 ` Jamie Lokier
2005-05-12 13:23 ` Eric Van Hensbergen [this message]
2005-05-12 13:47 ` serue
2005-05-12 15:16 ` Jamie Lokier
2005-05-12 12:51 ` serue
2005-05-12 18:51 ` Miklos Szeredi
2005-05-12 19:56 ` Jamie Lokier
2005-05-13 8:55 ` Miklos Szeredi
2005-05-13 1:10 ` Ram
2005-05-13 6:06 ` Miklos Szeredi
2005-05-13 7:25 ` Ram
2005-05-13 8:59 ` Ram
2005-05-13 9:10 ` Miklos Szeredi
2005-05-13 16:53 ` Ram
2005-05-13 17:14 ` Miklos Szeredi
2005-05-13 18:44 ` Alan Cox
2005-05-13 20:56 ` Bryan Henderson
2005-05-12 0:59 ` Jamie Lokier
2005-05-13 6:41 ` Ram
2005-05-11 21:09 ` Jamie Lokier
2005-05-11 21:20 ` Miklos Szeredi
2005-05-11 21:32 ` Jamie Lokier
2005-05-11 19:32 ` Bodo Eggert
2005-05-11 21:23 ` Jamie Lokier
2005-05-11 21:34 ` Miklos Szeredi
2005-05-11 21:36 ` Jamie Lokier
2005-05-12 3:08 ` serue
2005-05-03 14:31 Miklos Szeredi
2005-05-03 17:30 ` Bill Davidsen
2005-05-04 13:08 ` Eric Van Hensbergen
2005-05-04 14:21 ` Miklos Szeredi
2005-05-04 14:51 ` Eric Van Hensbergen
2005-05-04 15:21 ` Miklos Szeredi
2005-05-11 8:51 ` Christoph Hellwig
2005-05-11 10:31 ` Miklos Szeredi
2005-05-12 21:08 ` Bryan Henderson
2005-05-13 5:47 ` Miklos Szeredi
2005-05-13 7:19 ` Jan Hudec
2005-05-13 8:33 ` Miklos Szeredi
2005-05-13 23:09 ` Bryan Henderson
2005-05-14 6:58 ` Miklos Szeredi
2005-05-16 18:35 ` Bryan Henderson
2005-05-14 11:49 ` Jamie Lokier
2005-05-04 13:47 ` Martin Waitz
2005-05-04 14:34 ` Miklos Szeredi
2005-05-11 8:53 ` Christoph Hellwig
2005-05-11 8:48 ` Christoph Hellwig
2005-05-11 10:20 ` Miklos Szeredi
2005-05-16 9:34 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a4e6962a0505120623645c0947@mail.gmail.com \
--to=ericvh@gmail.com \
--cc=7eggert@gmx.de \
--cc=hch@infradead.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxram@us.ibm.com \
--cc=miklos@szeredi.hu \
--cc=smfrench@austin.rr.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).