[RFC] [PATCH 0/3] user ns and vfs: Introduction

Serge E. Hallyn serue at us.ibm.com
Fri Nov 17 07:19:24 PST 2006


Quoting Serge E. Hallyn (serue at us.ibm.com):
> From: Serge E. Hallyn <serue at us.ibm.com>
> Subject: [RFC] [PATCH 0/3] user ns and vfs: Introduction
> 
> Cedric has previously sent out a patchset
> (http://lists.osdl.org/pipermail/containers/2006-August/000078.html)
> implementing the very basics of a user namespace. It ignores
> filesystem access checks, so that uid 502 in one namespace could
> access files belonging to uid 502 in another namespace, if the
> containers were so set up.

Oh, and the real question, which I forgot to ask - for those
who objected to Cedric's patchset on the grounds of lack of file access
controls, does this patchset address your concerns?

It seems to me it provides isolation to those who want it, while leaving
the door open to a uid mapping solution (whether in a stackable fs, a
global-uidaware fs, or whatever) in the future.

thanks,
-serge


