Serge E. Hallyn wrote: > Quoting Eric W. Biederman (ebiederm at xmission.com): >> "Serge E. Hallyn" <serue at us.ibm.com> writes: >> So in summary my only real complaint with removing CONFIG_USER_NS is >> that it appears to me that the code is incomplete and has not been >> closely scrutinized. As such making it available to end users without > > Valid complaint. > >> even a warning when that is the case appears irresponsible. >> Especially as much of the code that is sitting in Andrews tree is >> merged into the production kernel, when the window opens. > > An experimental marker like Cedric introduced does seem a good idea. Current -mm contains a fix from Andrew which forces user namespace to Y by default. I'll wait for the next -mm to rework the CONFIG_USER_NS if the patchset survives andrew's indigestion :( Sorry about that. C.
