Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> Andrew Lutomirski <luto@xxxxxxx> writes:
>
> > On Tue, Apr 10, 2012 at 6:01 PM, Eric W. Biederman
> > <ebiederm@xxxxxxxxxxxx> wrote:
>
> > Sounds like you're reinventing (something very similar to)
> > no_new_privs. Why not just require no_new_privs as a prerequisite for
> > creating a user namespace if you're unprivileged?
>
> As I said in the part of my email you snipped, because no_new_privs will
> break suid exec in the user namespace.

Andrew, note that once you create a new user namespace, you cannot change
your credentials in the ancestor user namespaces. So in effect you already
have no_new_privs for those namespaces.

So if I'm uid 1001 and I create a task in a new user namespace where 50000
on host is mapped to uid 0 in userns. Now I try to execute a file belonging
to uid 500 on the host and setuid. Note that 500 is not mapped into my
user namespace. That is what Eric meant by either exec being refused or
setuid being ignored. Either way, the file would be executed using uid
50000 on the host (and 0 in the user namespace).

-serge
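The uid-mapping rule Serge walks through above, as an added user-space model written for this page (it is neither kernel code nor part of the email): it parses the `/proc/<pid>/uid_map` text format, translates host uids into the namespace and back the way the kernel's extent lookup does, and applies the "setuid bit ignored when the file owner has no mapping" outcome to the email's scenario. Function names (`parse_uid_map`, `host_to_ns_uid`, `ns_to_host_uid`, `host_uid_after_exec`, the wrappers) and the sample map are this example's own; the second extent is added beyond the email's single mapping to exercise range arithmetic, and the model takes the "ignored" branch of the two outcomes the email lists, which is an assumption about the kernel rather than something the thread settles.

```c
/* Added example, not part of the email or of the kernel: a user-space
 * model of uid_map extent lookups and of the setuid-at-exec decision for
 * a task inside a user namespace. All names here are this example's own. */
#include <stdio.h>
#include <string.h>

#define INVALID_UID ((long)-1)   /* stands in for the kernel's INVALID_UID */
#define MAX_EXTENTS 5            /* the original uid_map limit was five extents */

struct extent { long ns_first, host_first, count; };
struct uid_map { struct extent e[MAX_EXTENTS]; int n; };

/* Parse the /proc/<pid>/uid_map text format: one "ns_first host_first count"
 * triple per line. Returns 0 on success, -1 on malformed or oversized input. */
int parse_uid_map(const char *text, struct uid_map *m)
{
    const char *p = text;
    m->n = 0;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[64];
        if (len >= sizeof line)
            return -1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;
        if (len == 0)
            continue;                        /* tolerate blank lines */
        if (m->n >= MAX_EXTENTS)
            return -1;
        struct extent *x = &m->e[m->n];
        if (sscanf(line, "%ld %ld %ld", &x->ns_first, &x->host_first, &x->count) != 3)
            return -1;
        if (x->ns_first < 0 || x->host_first < 0 || x->count <= 0)
            return -1;
        m->n++;
    }
    return 0;
}

/* Host (kernel) uid -> uid as seen inside the namespace, or INVALID_UID when
 * no extent covers it. An unmapped owner is exactly the email's "uid 500" case. */
long host_to_ns_uid(const struct uid_map *m, long host_uid)
{
    for (int i = 0; i < m->n; i++) {
        const struct extent *x = &m->e[i];
        if (host_uid >= x->host_first && host_uid < x->host_first + x->count)
            return x->ns_first + (host_uid - x->host_first);
    }
    return INVALID_UID;
}

/* Namespace uid -> host uid, the direction a setuid(2) call inside the ns takes. */
long ns_to_host_uid(const struct uid_map *m, long ns_uid)
{
    for (int i = 0; i < m->n; i++) {
        const struct extent *x = &m->e[i];
        if (ns_uid >= x->ns_first && ns_uid < x->ns_first + x->count)
            return x->host_first + (ns_uid - x->ns_first);
    }
    return INVALID_UID;
}

/* Model of the setuid decision at exec for a task in the namespace: the file
 * owner is a host uid; if it has no mapping, the bit is ignored and the task
 * keeps its current host uid (the "setuid being ignored" outcome). */
long host_uid_after_exec(const struct uid_map *m, long current_host_uid,
                         long file_owner_host_uid, int setuid_bit)
{
    if (!setuid_bit)
        return current_host_uid;
    if (host_to_ns_uid(m, file_owner_host_uid) == INVALID_UID)
        return current_host_uid;             /* owner unmapped: bit has no effect */
    return file_owner_host_uid;              /* owner mapped: ordinary setuid exec */
}

/* Wrappers that parse a map text and answer one question; -2 on a bad map. */
long ns_uid_for(const char *map_text, long host_uid)
{
    struct uid_map m;
    return parse_uid_map(map_text, &m) == 0 ? host_to_ns_uid(&m, host_uid) : -2;
}

long host_uid_for(const char *map_text, long ns_uid)
{
    struct uid_map m;
    return parse_uid_map(map_text, &m) == 0 ? ns_to_host_uid(&m, ns_uid) : -2;
}

long exec_result(const char *map_text, long cur, long owner, int setuid_bit)
{
    struct uid_map m;
    return parse_uid_map(map_text, &m) == 0 ? host_uid_after_exec(&m, cur, owner, setuid_bit) : -2;
}

int main(void)
{
    /* Constructed map matching the email (host 50000 is uid 0 in the ns),
     * plus a second range extent so the range arithmetic is exercised. */
    const char *map = "0 50000 1\n1000 60000 10\n";
    printf("host 500 seen from the ns: %ld (unmapped)\n", ns_uid_for(map, 500));
    printf("host 60005 seen from the ns: %ld\n", ns_uid_for(map, 60005));
    printf("setuid file owned by host 500, run as host 50000 -> host %ld\n",
           exec_result(map, 50000, 500, 1));
    return 0;
}
```

The last `printf` reproduces the email's conclusion: the task stays host uid 50000 (ns uid 0) because the owner uid 500 has no extent covering it, while a setuid file owned by a mapped host uid (here 60005, ns uid 1005) still changes credentials as usual.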