"Serge E. Hallyn" <serge@xxxxxxxxxx> writes:
> Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
>>
>> Andy Lutomirski pointed out that the current behavior of allowing the
>> owner of a user namespace to have all caps when that owner is not in a
>> parent user namespace is wrong.
>
> To make sure I understand right, the issue is when a uid is mapped
> into multiple namespaces.
Yes.
i.e. uid 1000 in ns1 may own ns2, but uid 1000 in ns3 does not?
I am not certain of your example.
The simple case is:
init_user_ns:
child_user_ns1 (owned by uid == 0 [in all user namespaces])
child_user_ns2 (owned by uid == 0 [ in all user namespaces])
root (uid == 0) in child_user_ns2 has all rights over anything in
child_user_ns1.
Thank you for looking.
Eric
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
