Namespaces in operation - root privileges
Posted Jan 6, 2013 1:50 UTC (Sun) by giraffedata
In reply to: Namespaces in operation, part 1: namespaces overview
Parent article: Namespaces in operation, part 1: namespaces overview
I'm bewildered by the mention in the article of user name spaces allowing one to have root privileges. "Root privileges" is a way of saying, "all the capabilities" and has almost nothing to do with uids. So how does this work? Does the uid name space feature really allow a process to hold a capability whose power is somehow limited to a subset of the system?
Described like this, I can certainly see it taking a lot of work to convince people there's nothing to be afraid of in this feature.
to post comments)