On Thu, 2009-12-17 at 17:31 +0000, Mark Seaborn wrote: > The reason chroot() and clone()/CLONE_NEWNS are privileged is that > they provide a way to violate the assumptions of setuid/setgid > executables. If we add a per-process flag that prevents a process > from exec'ing setuid executables, we could allow chroot() and > CLONE_NEWNS when that flag is set. That fixes (a). I think this would be great. > > Maybe we could fix (b) by making mount namespaces into first class > objects that can be named through a file descriptor, so that one > process can manipulate another process's namespace without itself > being subject to the namespace. I think Michael's problem with debugging is much more fundamental: application programmers get confused when some filesystem operations fail in the debugged process, while it works fine from the shell. It would help if the kernel provided a way for a process to switch to another process' namespace. Even better, it would be great if existing namespaces could be mounted at an arbitrary position within another namespace. Then one could use traditional shell tools to inspect it, or even chroot into it. </delirium> -- // Bernie Innocenti - http://codewiz.org/ \X/ Sugar Labs - http://sugarlabs.org/ _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
