Re: [REVIEW][PATCH 0/43] Completing the user namespace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> Andrew Lutomirski <luto@xxxxxxx> writes:
> Still given that you aren't doing the very restrictive current_cred()
> must not change I don't know how it matters, and a bpf based seccomp can
> pretty easily filter out new user namespace creation.  Shrug.

I very much want and intend to use both user namespaces and seccomp2
together.  Speaking in terms of the old userns implementation, once
a container has been created, no child of my task will change uid/gid
or gain/move capabilities in the original user namespace.  But they're
free to do so at will in the child user namespace.  Since the capabilities
are targeted at the child namespaces, that's fine.  And as Eric noted
the user namespaces will allow us to increase the attack surface, but
at the same time I'm hoping to offset that somewhat using seccomp2.

-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux