[PATCH 5/5] pid: use namespaced iteration on processes while managing priority

Eric W. Biederman ebiederm at xmission.com
Thu Dec 18 10:54:20 PST 2008


"Serge E. Hallyn" <serue at us.ibm.com> writes:


> The uid check needs to be fixed for user namespaces, agreed.  I could
> go either way though on whether we should also restrict to the same
> pidns.

It would be a subtle unexpected semantic change, that we would need
to copy linux-abi and document etc.  I'm not convinced it is that
useful.

I'm inclined to keep the semantics pure until there is some real
experience from the field on issues like this.

> (note to fix the userns part of this added to my userns queue - first
> I want to finish with keys; then maybe this should be done before
> handling capabilities)

Sounds good.  Mentioning the user namespace was just to make it clear
where it should be fixed.

Eric

