"Serge E. Hallyn" <serue@xxxxxxxxxx> writes: > The uid check needs to be fixed for user namespaces, agreed. I could > go either way though on whether we should also restrict to the same > pidns. It would be a subtle unexpected semantic change, that we would need to copy linux-abi and document etc. I'm not convinced it is that useful. I'm inclined to keep the semantics pure until there is some real experience from the field on issues like this. > (note to fix the userns part of this added to my userns queue - first > I want to finish with keys; then maybe this should be done before > handling capabilities) Sounds good. Mentioning the user namespace was just to make it clear where it should be fixed. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers