From: Alexey Gladkov <gladkov.alexey-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Djalal Harouni <tixxdz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Iago Lopez Galeiras <iago-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>,
    Linux Containers <containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
    Daniel J Walsh <dwalsh-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
    Akihiro Suda <suda.akihiro-Zyj7fXuS5i5L9jVzuh4AOg@public.gmane.org>,
    Alban Crequy <alban.crequy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
    linux-kernel <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
    Michael Crosby <crosbymichael-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
    Stephen J Day <stephen.day-FCduhRhOUaTQT0dZR+AlfA@public.gmane.org>,
    Alban Crequy <alban-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>,
    "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
    Andy Lutomirski <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
    Linux FS Devel <linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
    Jess Frazelle <acidburn-0li6OtcxBFHby3iVrkZq2A@public.gmane.org>,
    Alexander Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
Subject: Re: [PATCH] [RFC][WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible
Date: Mon, 16 Apr 2018 16:16:16 +0200
Message-ID: <20180416141616.GB21965__4622.06339366293$1523888649$gmane$org@comp-core-i7-2640m-0182e6>
In-Reply-To: <CAEiveUf5LWpvA-QMm3eYr9yFgUjwyQdkk-WVptze9m_EfbGMwg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Sat, Apr 14, 2018 at 12:41:31AM +0200, Djalal Harouni wrote:
> On Wed, Apr 4, 2018 at 4:45 PM, Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> wrote:
> [...]
> >
> > The only option I have seen proposed that might qualify as something
> > general purpose and simple is a new filesystem that is just the process
> > directories of proc. As there would in essence be no files that would
> > need restrictions it would be safe to allow anyone to mount without
> > restriction.
> >
> Eric, there is a series for this:
> https://www.mail-archive.com/linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org/msg1533642.html
>
> Patch on top for pids:
> https://github.com/legionus/linux/commit/993a2a5b9af95b0ac901ff41d32124b72ed676e3
>
> It was reviewed, and suggestions from Andy's and Al Viro's feedback were
> integrated, thanks. It works on Debian, Ubuntu and others, but not on Fedora
> due to a bug with dracut+systemd.
>
> I do not have time to work on it now, anyone can just pick them.
I continue to work on this. I am now trying to deal with the problem on
Fedora. I hope to return soon with the results.
--
Rgrds, legion