"Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> writes: > Paul Moore <paul@xxxxxxxxxxxxxx> writes: > >>> I did provide constructive feedback. My feedback to his problem >>> was to address the real problem of bugs in the kernel. >> >> We've heard from several people who have use cases which require >> adding LSM-level access controls and observability to user namespace >> creation. This is the problem we are trying to solve here; if you do >> not like the approach proposed in this patchset please suggest another >> implementation that allows LSMs visibility into user namespace >> creation. > > Please stop, ignoring my feedback, not detailing what problem or > problems you are actually trying to be solved, and threatening to merge > code into files that I maintain that has the express purpose of breaking > my users. > > You just artificially constrained the problems, so that no other > solution is acceptable. On that basis alone I am object to this whole > approach to steam roll over me and my code. If you want an example of what kind of harm it can cause to introduce a failure where no failure was before I invite you to look at what happened with sendmail when setuid was modified to fail, when changing the user of a process would cause RLIMIT_NPROC to be exceeded. I am not arguing that what you are proposing is that bad but unexpected failures cause real problems, and at a minimum that needs a better response than: "There is at least one user that wants a failure here". Frankly I would love to see an argument that semantically it ever makes sense for creating a user namespace to fail. If that argument has already been made, my apologies to the person who made as I missed it, in being sick and tired, and frustrated at being blown off, when I asked for a proper discuss of the problem at hand. Eric
