
per process filesystem namespace


Posted Oct 24, 2002 20:20 UTC (Thu) by brouhaha (subscriber, #1698)
In reply to: per process filesystem namespace by corbet
Parent article: Creating Linux virtual filesystems

There's a simple solution to that: if a setuid program gets loaded when there is a per-process namespace active, the kernel can ignore the setuid bit and run it with no privileges.

AFAICT, that would allow non-privileged users to play with their namespace all they want, without compromising system integrity.

