Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx): > "Serge E. Hallyn" <serue@xxxxxxxxxx> writes: > > > > The uid check needs to be fixed for user namespaces, agreed. I could > > go either way though on whether we should also restrict to the same > > pidns. > > It would be a subtle unexpected semantic change, that we would need > to copy linux-abi and document etc. I'm not convinced it is that > useful. > > I'm inclined to keep the semantics pure until there is some real > experience from the field on issues like this. Ok. Gowrishankar, please drop this patch. > > (note to fix the userns part of this added to my userns queue - first > > I want to finish with keys; then maybe this should be done before > > handling capabilities) > > Sounds good. Mentioning the user namespace was just to make it clear > where it should be fixed. (And I might not have caught it if you hadn't mentioned it) thanks, -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers