[PATCH for v3.14] AUDIT: Allow login in non-init namespaces

Linus Torvalds torvalds at linux-foundation.org
Thu Apr 10 00:18:13 UTC 2014


On Wed, Apr 9, 2014 at 5:08 PM, Steve Grubb <sgrubb at redhat.com> wrote:
>
> This is a requirement. I do not advocate "tricking" user space.

It's not about tricking user space. This is how we used to behave.
ECONNREFUSED is what you got in a non-init namespace. So this is a
*regression fix*, not some kind of trick.

And there is absolutely nothing to "discuss" about regression fixes.

If people want to start auditing non-init namespaces, go right ahead.
But it will *not* happen by breaking old behavior that people depended
on.

            Linus


More information about the Containers mailing list