Am 18.10.2015 um 22:13 schrieb Tobias Markus: > On 17.10.2015 22:17, Richard Weinberger wrote: >> On Sat, Oct 17, 2015 at 5:58 PM, Tobias Markus <tobias@xxxxxxxxx> wrote: >>> One question remains though: Does this break userspace executables that >>> expect being able to create user namespaces without priviledge? Since >>> creating user namespaces without CAP_SYS_ADMIN was not possible before >>> Linux 3.8, programs should already expect a potential EPERM upon calling >>> clone. Since creating a user namespace without CAP_SYS_USER_NS would >>> also cause EPERM, we should be on the safe side. >> >> In case of doubt, yes it will break existing software. >> Hiding user namespaces behind CAP_SYS_USER_NS will not magically >> make them secure. >> > The goal is not to make user namespaces secure, but to limit access to > them somewhat in order to reduce the potential attack surface. We have already a framework to reduce the attack surface, seccomp. There is no need to invent new capabilities for every non-trivial kernel feature. I can understand the user namespaces seems scary and had bugs. But which software didn't? Are there any unfixed exploitable bugs in user namespaces in recent kerenls? Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
