Hi everyone
Â
13.07.2020, 21:42, "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>:
Â
 Which means an unprivileged user can create a user namespace and
get
 connector to report whichever ids they want to users in another
 namespace. AKA lie.
Â
 So this appears to make connector completely unreliable.
Â
Â
My sense is that there are few enough uses of connector that if
don't
mind changing your code so that it works in a container (and the
pidfd
support appears to already provide what you need) that is probably
the
past of least resistance.
I don't think it maintaining connector support would be much more
work
than it is now, if someone went through and did the work to
carefully
convert the code. So if someone really wants to use connector we can
namespace the code.
Otherwise it is probably makes sense to let the few users gradually
stop
using connector so the code can eventually be removed.
Â
Such a nice bright future for connector you depict here disregarding
others work
and this contribution Eric :)
Â
If we can overcome showed above issue with invalid ids, connector still
can get a few more years to live,
don't you want to give it a chance?
Â
Please checkout out the pidfd support and tell us how it meets your
needs. If there is something that connector really does better it
would
be good to know.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
