Quoting Serge E. Hallyn (serue at us.ibm.com): > Quoting Eric W. Biederman (ebiederm at xmission.com): > > Herbert Poetzl <herbert at 13thfloor.at> writes: > > >> Beyond that yes it seems to make sense to let user space > > >> maintain any mapping of containers to ids. > > > > > > I agree with that, but we need something to move > > > around between the various spaces ... > > > > If you have CAP_SYS_PTRACE or you have a child process > > in a container you can create another with ptrace. > > > > Now I don't mind optimizing that case, with something like > > the proposed bind_ns syscall. But we need to be darn certain > > why it is safe, and does not change the security model that > > we currently have. > > Sigh, and that's going to have to be a discussion per namespace. Well, assuming that we're using pids as identifiers, that means we can only enter decendent namespaces, which means 'we' must have created them. So anything we could do by entering the ns, we could have done by creating it as well, right? -serge