On 17 Nov 2015 00:41, U.Mutlu wrote:
> I did some research on the net, and the findings are:
> - user namespaces have their own security holes

there are no known security issues.  like all new code, there were some edge cases in the original implementation, but they've been fixed since.  the only thing left is that people don't like the new attack surface and inherently distrust it.  but that's not the same thing as there being known security holes.

> - a workaround exists, but then a new problem happens: loop devices cannot
> be accessed

loop devices are merely files which are owned by the root user.  not being able to open files owned by the "real" root is to be expected.

> Does the user need to create his own loop device(s)?

you need to have the system/root chown them as the user before doing anything else.  sucks, but that's currently how it works.  would be nice if someone looked into making it more accessible to users.  maybe others on this list are aware of ongoing work.

> Hmm. it looks like there is (currently?) a big mess with user namespaces:
> https://code.google.com/p/chromium/issues/detail?id=457362

no, no there is not
-mike
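Added example, not part of the original message: a host-side check of whether a device node's owner is mapped into a user namespace, which is why a root-owned loop device cannot be opened there until it is chowned to a mapped uid. The function names `map_host_uid` and `check_owner` are hypothetical, the sample map is constructed, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# uid_map lines have the form "<uid inside ns> <uid outside ns> <count>".
# Run this on the host against /proc/<pid>/uid_map of a process that is
# already inside the namespace, e.g.:
#   check_owner /dev/loop0 /proc/<pid>/uid_map

# Print the uid that host uid $1 has inside the namespace whose uid_map is
# file $2. Return 1 when no range covers it: the kernel then shows the owner
# as the overflow uid (normally 65534) and namespace root has no
# capabilities over that inode.
map_host_uid() {
    awk -v uid="$1" '
        NF == 3 && uid >= $2 && uid < $2 + $3 {
            print $1 + (uid - $2); found = 1; exit
        }
        END { exit found ? 0 : 1 }
    ' "$2"
}

# Report whether the owner of path $1 (as seen on the host) is mapped by the
# uid_map in file $2. Returns 0 if mapped, 1 if not, 2 if stat failed.
check_owner() {
    owner=$(stat -c %u "$1") || return 2
    if inside=$(map_host_uid "$owner" "$2"); then
        echo "$1: host uid $owner -> uid $inside inside the namespace"
    else
        echo "$1: host uid $owner is unmapped; chown it to a mapped uid first"
        return 1
    fi
}

# Constructed sample: the usual unprivileged mapping, where host uid 1000
# becomes root inside the namespace and host root (uid 0) is not mapped.
SAMPLE_MAP=$(mktemp)
printf '0 1000 1\n' > "$SAMPLE_MAP"
```

With the sample map, host uid 1000 resolves to uid 0 inside the namespace, while host uid 0 (the owner of an untouched loop device) has no mapping at all.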