On Tue, Jul 26, 2016 at 10:29 AM, Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx> wrote: > On 26 July 2016 at 18:52, Kees Cook <keescook@xxxxxxxxxxxx> wrote: >> On Tue, Jul 26, 2016 at 8:06 AM, Eric W. Biederman >> <ebiederm@xxxxxxxxxxxx> wrote: >>> "Michael Kerrisk (man-pages)" <mtk.manpages@xxxxxxxxx> writes: >>> >>>> Hello Eric, >>>> >>>> I realized I had a question after the last mail. >>>> >>>> On 07/21/2016 06:39 PM, Eric W. Biederman wrote: >>>>> >>>>> This patchset addresses two use cases: >>>>> - Implement a sane upper bound on the number of namespaces. >>>>> - Provide a way for sandboxes to limit the attack surface from >>>>> namespaces. >>>> >>>> Can you say more about the second point? What exactly is the >>>> problem that is being addressed, and how does the patch series >>>> address it? (It would be good to have those details in the >>>> revised commit message...) >>> >>> At some point it was reported that seccomp was not sufficient to disable >>> namespace creation. I need to go back and look at that claim to see >>> which set of circumstances that was referring to. Seccomp doesn't stack >>> so I can see why it is an issue. >> >> seccomp does stack. The trouble usually comes from a perception that >> seccomp overhead is not trivial, so setting a system-wide policy is a >> bit of a large hammer for such a limitiation. Also, at the time, >> seccomp could be bypasses with ptrace, but this (as of v4.8) is no >> longer true. > > Sounds like someone needs to send me a patch for the seccomp.2 man page? It's on my TODO list, no worries. :) I'm waiting for it to land in Linus's tree first. It's only been in -next so far. -Kees -- Kees Cook Chrome OS & Brillo Security -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
