Re: [RCF] [PATCH] unprivileged mount/umount

Bodo Eggert <[email protected]> wrote:
> > How about a new clone option "CLONE_NOSUID"?
> 
> IMO, the clone call ist the wrong place to create namespaces. It should be
> deprecated by a mkdir/chdir-like interface.

And the mkdir/chdir interface already exists, see "cd /proc/NNN/root".

There are some small quirks to fix, should we decide that's the way to
go.  But it's basically there.

File descriptors keep track of the namespace (actually vfsmnt) where
they were opened.  Today, if you pass a directory file descriptor from
one process to another, you're granting access to see the other's
namespace.

That's why /proc/NNN/root works (with small fixes) in much the way
you'd expect.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RCF] [PATCH] unprivileged mount/umount
    • From: Bodo Eggert <[email protected]>
  • Re: [RCF] [PATCH] unprivileged mount/umount
    • From: Miklos Szeredi <[email protected]>

• References:
  • Re: [RCF] [PATCH] unprivileged mount/umount
    • From: "Bodo Eggert <[email protected]>" <[email protected]>

• Prev by Date: Re: Kernel Panic - not syncing: VFS: Unable to mount root fs on unknown-block(8,3)
• Next by Date: Re: [PATCH 2.6.12-rc4 2/3] (dynamic sysfs callbacks) device_attribute
• Previous by thread: Re: [RCF] [PATCH] unprivileged mount/umount
• Next by thread: Re: [RCF] [PATCH] unprivileged mount/umount
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]