Re: Controlling devices and device namespaces

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Subject: Re: Controlling devices and device namespaces
From: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 16 Sep 2012 12:21:12 +0100
Cc: Aristeu Rozanski <aris@xxxxxxxxx>, Neil Horman <nhorman@xxxxxxxxxxxxx>, containers@xxxxxxxxxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Michal Hocko <mhocko@xxxxxxx>, Tejun Heo <tj@xxxxxxxxxx>, cgroups@xxxxxxxxxxxxxxx, Paul Mackerras <paulus@xxxxxxxxx>, "Aneesh Kumar K.V" <aneesh.kumar@xxxxxxxxxxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxxxxxxxxxx>, Johannes Weiner <hannes@xxxxxxxxxxx>, Thomas Graf <tgraf@xxxxxxx>, "Serge E. Hallyn" <serue@xxxxxxxxxx>, Paul Turner <pjt@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>
Delivered-to: containers@xxxxxxxxxxxxxxxxxxxxxxxx
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEWysKsSBQMIAwIZCwj///8wIhxoRDXH9QHCAAABeUlEQVQ4jaXTvW7DIBAAYCQTzz2hdq+rdg494ZmBeE5KYHZjm/d/hJ6NfzBJpp5kRb5PHJwvMPMk2L9As5Y9AmYRBL+HAyJKeOU5aHRhsAAvORQ+UEgAvgddj/lwAXndw2laEDqA4x6KEBhjYRCg9tBFCOuJFxg2OKegbWjbsRTk8PPhKPD7HcRxB7cqhgBRp9Dcqs+B8v4CQvFdqeot3Kov6hBUn0AJitrzY+sgUuiA8i0r7+B3AfqKcN6t8M6HtqQ+AOoELCikgQSbgabKaJW3kn5lBs47JSGDhhLKDUh1UMipwwinMYPTBuIBjEclSaGZUk9hDlTb5sUTYN2SFFQuPe4Gox1X0FZOufjgBiV1Vls7b+GvK3SU4wfmcGo9rPPQzgIabfj4TYQo15k3bTHX9RIw/kniir5YbtJF4jkFG+dsDK1IgE413zAthU/vR2HVMmFUPIHTvF6jWCpFaGw/A3qWgnbxpSm9MSmY5b3pM1gvNc/gQfwBsGwF0VCtxZgAAAAASUVORK5CYII=
In-reply-to: <87y5kazuez.fsf@xmission.com>

> One piece of the puzzle is that we should be able to allow unprivileged
> device node creation and access for any device on any filesystem
> for which it unprivileged access is safe.

Which devices are "safe" is policy for all interesting and useful cases,
as are file permissions, security tags, chroot considerations and the
like.

It's a complete non starter.

Alan
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers

Follow-Ups:
- Re: Controlling devices and device namespaces
  - From: Eric W. Biederman

References:
- [RFC] cgroup TODOs
  - From: Tejun Heo
- Re: [RFC] cgroup TODOs
  - From: Aristeu Rozanski
- Re: [RFC] cgroup TODOs
  - From: Serge E. Hallyn
- Controlling devices and device namespaces
  - From: Eric W. Biederman
- Re: Controlling devices and device namespaces
  - From: Serge E. Hallyn
- Re: Controlling devices and device namespaces
  - From: Eric W. Biederman

Prev by Date: Re: [RFC] cgroup TODOs
Next by Date: Re: Controlling devices and device namespaces
Previous by thread: Re: Controlling devices and device namespaces
Next by thread: Re: Controlling devices and device namespaces
Index(es):
- Date
- Thread

[Index of Archives] [Cgroups] [Netdev] [Linux Wireless] [Kernel Newbies] [Security] [Linux for Hams] [Netfilter] [Bugtraq] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux RAID] [Linux Admin] [Samba]