[Devel] Re: Network isolation with RLIMIT_NETWORK, cont'd.
Andi Kleen
andi at firstfloor.org
Thu Dec 17 09:52:31 PST 2009
> Solve that with an unused uid. That ptrace_may_access check is
> completely non-intuitive, and a problem if we ever remove the current
> == task security module bug avoidance.
I thought he wanted to do that without suid?
If he can change uids he can as well just use full network namespaces.
-Andi
--
ak at linux.intel.com -- Speaking for myself only.
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers