On 16 Nov 2015 03:26, U.Mutlu wrote:
> I'm proposing that "unshare -m" should not be a privileged option,

what you're asking for is not coming from util-linux. unshare is merely an interface to the unshare() syscall. if you dislike the security semantics there, you can post to the namespace mailing list:
https://lists.linuxfoundation.org/mailman/listinfo/containers

> Therefore the -m option (and maybe even most of the other options) of unshare
> should be made to work for users, without needing root permission.

they do already -- with user namespaces.

if you give people the ability to mount anything in the existing mount namespace, you open up attacks:
- create an ext2 fs as the user with some setuid programs
- create a new mount namespace
- mount that image
- instant root

> The other solution via user namespace is IMHO overkill and in my case
> impractical and irritating because user gets a root-prompt (#)
> even though it is only inside the user namespace.

so remap it to your own user instead of to root

> As said in previous postings of mine: "chmod u+s unshare" does what I need,

i would like shell access to your systems please. free root is fun.
-mike
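The "remap it to your own user" suggestion in the reply above, shown at the unshare() syscall level. This is an added example, not part of the original message and not util-linux code. The function names `format_idmap` and `enter_userns_as_self` are hypothetical, and it assumes a Linux kernel with unprivileged user namespaces enabled.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef CLONE_NEWNS            /* flag values from <linux/sched.h> */
#define CLONE_NEWNS   0x00020000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif

/* Build a one-line identity map "<id> <id> 1\n"; -1 if buf is too small. */
int format_idmap(char *buf, size_t len, unsigned long id)
{
    int n = snprintf(buf, len, "%lu %lu 1\n", id, id);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Write a string to a /proc file in a single write(); -1 on failure. */
static int write_file(const char *path, const char *s)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, s, strlen(s));
    close(fd);
    return n == (ssize_t)strlen(s) ? 0 : -1;
}

/* New user + mount namespace without privilege, keeping the caller's uid/gid. */
int enter_userns_as_self(void)
{
    char map[64];
    uid_t uid = getuid();   /* read first: ids are unmapped right after unshare */
    gid_t gid = getgid();

    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNS) != 0) return -1;
    /* an unprivileged process may write gid_map only after denying setgroups */
    if (write_file("/proc/self/setgroups", "deny") != 0) return -1;
    if (format_idmap(map, sizeof map, uid) || write_file("/proc/self/uid_map", map)) return -1;
    if (format_idmap(map, sizeof map, gid) || write_file("/proc/self/gid_map", map)) return -1;
    return 0;
}

int main(void)
{
    if (enter_userns_as_self() != 0) { perror("enter_userns_as_self"); return 1; }
    /* Capabilities are held in the new namespaces here; do any mount(2) setup
       before execve(), which drops them for a non-zero uid. */
    printf("uid=%d gid=%d in new user+mount namespace\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Because the map is an identity map for a single id, the process never appears as root inside the namespace, and the mounts it makes stay confined to its own mount namespace.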