"Michael Kerrisk (man-pages)" <mtk.manpages@xxxxxxxxx> writes: > Hello Eric, > > I realized I had a question after the last mail. > > On 07/21/2016 06:39 PM, Eric W. Biederman wrote: >> >> This patchset addresses two use cases: >> - Implement a sane upper bound on the number of namespaces. >> - Provide a way for sandboxes to limit the attack surface from >> namespaces. > > Can you say more about the second point? What exactly is the > problem that is being addressed, and how does the patch series > address it? (It would be good to have those details in the > revised commit message...) At some point it was reported that seccomp was not sufficient to disable namespace creation. I need to go back and look at that claim to see which set of circumstances that was referring to. Seccomp doesn't stack so I can see why it is an issue. The general problem is that namespaces by their nature (and especially in combination with the user namespaces) allow unprivileged users to use more of the kernel than a user would have access to without them. This in turn allows malicious users more kernel calls they can use in attempt to find an exploitable bug. So if you are building a sandbox/chroot jail/chromium tab or anything like that and you know you won't be needing a kernel feature having an easy way to disable the feature is useful for making the kernel marginally more secure, as certain attack vectors are no longer possible. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
