On Wed, Jan 06, 2010 at 02:17:25PM -0600, Serge E. Hallyn wrote: > Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx): > > "Serge E. Hallyn" <serue@xxxxxxxxxx> writes: <snip> > > >From db104af741b5f0a2f128688905498cae68fbbde2 Mon Sep 17 00:00:00 2001 > > From: Eric W. Biederman <ebiederm@xxxxxxxxxxxx> > > Date: Wed, 6 Jan 2010 08:26:21 -0800 > > Subject: [PATCH] security: Make capabilities relative to the user namespace. > > > > - Introduce ns_capable to test for a capability in a non-default > > user namespace. > > - Teach cap_capable to handle capabilities in a non-default > > user namespace. > > So yeah, I didn't address the whole has_capability junk. Feh. > > So do you intend to tag all namespaces with the userns which > created it? So sys_hostname() can check utsname->uts_ns->creator, > and net ioctl SIOCSIFNAME checks struct net->creator? That makes sense but I'm getting a worried about the way those extra namespace references are popping up in other namespace structs. Seems like it would be easy to write code that could create reference cycles and thus leak memory. Perhaps it will require splitting the references sort of like struct mm_struct? The other example of that idea was keeping a syslog_ns reference in the netns for the iptables printks in ipt_LOG.c. What happens when one of the CONFIG_*NS options isn't selected? Suddenly we're littering the struct definitions with #ifdefs and making the code alot more complicated to test (I suspect). Perhaps it's time to merge all the CONFIG_*NS options into CONFIG_NAMESPACES? Cheers, -Matt Helsley _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
