On 5/11/05, Jamie Lokier <[email protected]> wrote:
>
> Please read carefully: I've described what _current_ kernels do.
>
I guess I misread when you wrote:
>>
>>You can't do a lot with the new namespace, because of the security
>>restrictions on mount() on a foreign namespace. That's what I meant
>>about the "small fixes" - get rid of the current->namespace checks and
>>it'll be usable.
>>
>>I don't see the purpose of current->namespace and the associated mount
>>restrictions at all. I asked Al Viro what it's for, but haven't seen
>>a reply :( IMHO current->namespace should simply be removed, because the
>>"current namespace" is represented just fine by
>>current->fs->rootmnt->mnt_namespace.
>>
That sounds an awful lot like you want to make changes to the current
support in the kernel.
> It's a poorly understood area of the kernel, and I'm attempting to
> clarify it. This talk of new system calls for entering a namespace
> makes no sense when you can _already_ do some things that people
> haven't realised the kernel does.
>
IMHO part of the reason its so poorly understood is that people aren't
using it. That's why I suggest we use some of the proposed patches
which open up name space operations to common users. There are some
security checks (like the one brought up justifying the CAP_SYS_ADMIN
permissions on CLONE_NS) that need to be added, before we start
removing others -- and I'm quite concerned that Viro hasn't weighed in
on any of these new patches, I wonder if its because this thread seems
to have gone off the deep end.
-eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
