>>> If someones permissions to various objects does not depend on the namespace >>> they are in quite possibly this is a non-issue. If we actually depend on >>> the isolation to keep things secure enter is a setup for a first rate escape. >> I don't believe the isolation can be effective between two namespaces >> where one is an ancestor of another. It can be so long as one isn't >> the ancestor of another, but then we're not allowing either to enter >> the other namespace. So it's not a problem. > > Reasonable. > >> The bind_ns() proposed by Cedric is stricter, only allowing nsid 0 to >> switch namespaces. So it may be overly restrictive, and does introduce >> a new global namespace, but it is safe. > > I will look a little more. There are a lot patches out there that need > review. What disturbs a little is that with ptrace we have an existing > mechanism that can do everything we want enter or bind_ns to be able to do. Eric, you have this habit of flooding us with email whenever a patchset is sent on this topic. It is a bad habit. Please take some time to look at it before. There is work behind it and it tries to address some issues. This patchset has been sent on container@ as a proposal for -mm. I'll try to make a summary of how we can improve next one to move forward. I still need to read all your emails :) thanks, C.