per process filesystem namespace
Posted Oct 24, 2002 20:20 UTC (Thu) by brouhaha
In reply to: per process filesystem namespace
Parent article: Creating Linux virtual filesystems
There's a simple solution to that: if a setuid program gets loaded when there is a per-process namespace active, the kernel can ignore the setuid bit and run it with no privileges.
AFAICT, that would allow non-privileged users to play with their namespace all they want, without compromising system integrity.