[patch -mm 08/17] nsproxy: add hashtable

Serge E. Hallyn serue at us.ibm.com
Mon Dec 11 14:18:34 PST 2006


Quoting Eric W. Biederman (ebiederm at xmission.com):
> I actually have code that will let me fork a process in a new namespace today
> without needing bind_ns.  What is more I don't even have to be root
> to use it.

Can you elaborate?  The user namespace patches don't enforce ptrace
yet, so you could unshare as root, become uid 500, then as uid 500
in the original namespace ptrace the process in the new namespace.
Is that what you're doing?  If (when) ptrace enforces the uid namespace,
will that stop what you're doing?

-serge
