Quoting Pavel Emelyanov (xemul@xxxxxxxxxx):
> Hi, Cedric, Serge.
>
> I have noticed that you have removed config options for
> uts and ipc namespaces but kept one for user namespace.
>
> What's the policy about what namespaces should have config
> option? I thought that the only code that is worth having
> under option is clone/destroy one to save .text size for
> people who don't need them (embedded).

The user namespaces are under a config and marked experimental because
uid-based permission checks do not take namespaces into account and the
root user in a namespace is not at all controlled. You can handle the
security implications using SELinux, but I guess the fear is that people
would assume uid namespaces do more than they currently do.

-serge