On 11/18/2015 04:58 PM, Al Viro wrote: > On Wed, Nov 18, 2015 at 08:22:38AM -0600, Seth Forshee wrote: > >> But it still requires the admin set it up that way, no? And aren't >> privileges required to set up those devices in the first place? >> >> I'm not saying that it wouldn't be a good idea to lock down the backing >> stores for those types of devices too, just that it isn't something that >> a regular user could exploit without an admin doing something to >> facilitate it. > > Sigh... If it boils down to "all admins within all containers must be > trusted not to try and break out" (along with "roothole in any container > escalates to kernel-mode code execution on host"), then what the fuck > is the *point* of bothering with containers, userns, etc. in the first > place? If your model is basically "you want isolation, just use kvm", > fine, but where's the place for userns in all that? > > And if you are talking about the _host_ admin, then WTF not have him just > mount what's needed as part of setup and to hell with mounting those > inside the container? > > Look at that from the hosting company POV - they are offering a bunch of > virtual machines on one physical system. And you want the admins on those > virtual machines independent from the host admin. Fine, but then you > really need to keep them unable to screw each other or gain kernel-mode > execution on the host. Actually from the POV of a hosting company there's also the use case of wanting to use container as substitutes for virtual machines (of course we are a long way from that). But being able to do what those patches enable (i.e. what Seth has pointed to with mount -o loop) is beneficial and desirable. > > Again, what's the point of all that? I assumed the model where containers > do, you know, contain what's in them, regardless of trust. You guys seem > to assume something different and I really wonder what it _is_... > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
