"Michael Kerrisk" <mtk.manpages@xxxxxxxxxxxxxx> writes: > Hi Serge, > > What is the current status of CLONE_NEWUSER? I'm currently trying to > test this flag in preparation for documenting it in the clone(2) man > page, but am running into an ENOMEM error from the clone() call, which > seems to occur after a failure in kobject_init_and_add() in the > following call sequence: > > clone_user_ns() --> alloc_uid() --> uids_user_create() --> > kobject_init_and_add() > > Are there already some test programs somewhere? Is there any > documentation already available for this flag? This code is definitely still under development. When complete it should be able to create a new uid namespace, as an unprivileged user. Creating a new process with uid == gid == 0. Have a full set of caps. And have permission to do nothing on the system except read world readable files and write world writable files. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
