LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A new approach to user namespaces

A new approach to user namespaces

Posted Apr 14, 2012 19:25 UTC (Sat) by BenHutchings (subscriber, #37955)
In reply to: A new approach to user namespaces by dottedmag
Parent article: A new approach to user namespaces

Not completely. fakeroot also fakes up mknod(), and we don't have namespaces for device numbers. But perhaps mknod() could be considered unprivileged on a filesystem mounted -o nodev?

(Log in to post comments)

A new approach to user namespaces

Posted Apr 17, 2012 7:36 UTC (Tue) by trulyexcitingnickname-dontuthink (guest, #84181) [Link]

> But perhaps mknod() could be considered unprivileged on a filesystem mounted -o nodev?

This sounds like a nightmare. Using a more secure mount option make going back to the default insecure? That is sure sane---not.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds