[Devel] Re: [RFC] [PATCH 0/3] user ns and vfs: Introduction
Serge E. Hallyn
serue at us.ibm.com
Fri Nov 17 07:19:24 PST 2006
Quoting Serge E. Hallyn (serue at us.ibm.com):
> From: Serge E. Hallyn <serue at us.ibm.com>
> Subject: [RFC] [PATCH 0/3] user ns and vfs: Introduction
>
> Cedric has previously sent out a patchset
> (http://lists.osdl.org/pipermail/containers/2006-August/000078.html)
> impplementing the very basics of a user namespace. It ignores
> filesystem access checks, so that uid 502 in one namespace could
> access files belonging to uid 502 in another namespace, if the
> containers were so set up.
Oh, and the real question, which i forgot to ask - for those
who objected to Cedric's patchset on the grounds of lack of file access
controls, does this patchset address your concerns?
It seems to me it provides isolation to those who want it, while leaving
the door open to a uid mapping solution (whether in a stackable fs, a
global-uidaware fs, or whatever) in the future.
thanks,
-serge
_______________________________________________
Containers mailing list
Containers at lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
More information about the Devel
mailing list