[PATCH 0/6] user namespaces: introduction

Serge E. Hallyn serue at us.ibm.com
Fri Jul 25 17:27:00 PDT 2008


Following is a set of user namespace patches I've been playing with
this week.

The first two patches are I believe fixes which should go in regardless
of which direction user namespaces take.

The rest of the patches are one approach to providing default cross-userns
isolation for files.  Any filesystem can provide its own intelligent
cross-userns userid equivalence checks by defining its own permission
function, which is what Eric and I have been talking about doing.

The next step is probably to handle some of the task-to-task
cross-userns checks.

Comments appreciated.

thanks,
-serge


More information about the Containers mailing list