
user namespace and uid namespace

Posted Apr 3, 2011 11:02 UTC (Sun) by ebiederm (subscriber, #35028)
In reply to: user namespace and uid namespace by mfedyk
Parent article: The 2.6.39 merge window concludes

The uid/user namespace that went in around 2.6.27 is the same one under discussion. Unfortunately the implementation was massively incomplete and did not handle the case where anything from different user namespaces was mixed.

In particular the user namespace is still moving in the direction of converting all of the checks from simple uid equality to comparing the tuple of usernamespace and uid.

On the specific question about remounting a filesystem, the filesystem piece of the permission checks has yet to be updated.

The reason getting a full set of capabilities will be harmless is that it is actually equivalent to dropping all capabilities. The capabilities will only apply to objects and namespaces created after you create the user namespace. So once properly implemented you simply won't be able to do anything dangerous, but you will be able to use facilities that today are root only, only because suid root applications could be spoofed.

Eric
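An added illustration of the point in Eric's last paragraph (this is example code written for this page, not part of his comment or of the kernel tree). The program calls unshare(CLONE_NEWUSER) without creating a new mount namespace, maps itself to uid 0 inside the new user namespace, and then shows that although /proc/self/status reports a full CapEff set there, two operations on objects the parent namespace owns are still refused: chown() to a uid that has no mapping in the new namespace, and a remount of "/" in the inherited mount namespace. The probe path under /tmp, the struct and the function names are choices made for this example; the expected errno values (EINVAL for the chown, EPERM for the remount) are current Linux behaviour, not something the 2.6.39-era comment states.

```c
/* Added example: a user namespace with "all capabilities" that still cannot
 * act on objects owned by the parent namespace. Not from the original page. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* Capability bit numbers from the kernel ABI, defined here to avoid a
 * dependency on linux/capability.h. */
#define CAP_BIT_CHOWN     0
#define CAP_BIT_SYS_ADMIN 21

struct userns_result {
    uid_t euid_before;          /* euid as seen in the parent namespace */
    uid_t euid_inside;          /* euid once the new namespace maps us to 0 */
    unsigned long long cap_eff; /* CapEff mask read inside the new namespace */
    int chown_unmapped_errno;   /* errno from chown() to a uid with no mapping */
    int remount_errno;          /* errno from remounting a parent-owned mount */
};

/* Write one string to a file (used for the /proc/self/*_map files); 0 or -errno. */
static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = write(fd, text, strlen(text));
    int saved = (n < 0) ? errno : 0;
    close(fd);
    return (n < 0) ? -saved : 0;
}

/* Parse the CapEff line of /proc/self/status; 0 or -errno. */
static int read_cap_eff(unsigned long long *caps)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -errno;
    char line[256];
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            *caps = strtoull(line + 7, NULL, 16);
            found = 1;
            break;
        }
    }
    fclose(f);
    return found ? 0 : -ENOENT;
}

/* Does the CapEff mask contain the given capability bit? */
int cap_is_set(unsigned long long caps, int cap)
{
    return (int)((caps >> cap) & 1ULL);
}

/* Enter a fresh user namespace (keeping the current mount namespace), map our
 * own euid/egid to 0 there, and probe what the full capability set buys.
 * Returns 0 on success, or -errno if the namespace could not be set up
 * (unprivileged user namespaces disabled, a seccomp filter, a read-only /tmp). */
int probe_user_namespace(struct userns_result *r)
{
    char buf[64];
    memset(r, 0, sizeof *r);
    r->euid_before = geteuid();
    uid_t euid = geteuid();
    gid_t egid = getegid();

    if (unshare(CLONE_NEWUSER) < 0)
        return -errno;

    /* An unprivileged creator must disable setgroups before writing gid_map.
     * The file does not exist on kernels older than 3.19; ignore that case. */
    int rc = write_file("/proc/self/setgroups", "deny");
    if (rc < 0 && rc != -ENOENT)
        return rc;
    snprintf(buf, sizeof buf, "0 %u 1", (unsigned)euid);
    if ((rc = write_file("/proc/self/uid_map", buf)) < 0)
        return rc;
    snprintf(buf, sizeof buf, "0 %u 1", (unsigned)egid);
    if ((rc = write_file("/proc/self/gid_map", buf)) < 0)
        return rc;

    r->euid_inside = geteuid();            /* 0, but only within this namespace */
    if ((rc = read_cap_eff(&r->cap_eff)) < 0)
        return rc;

    /* Probe 1: CAP_CHOWN is in CapEff, yet chown() to uid 1 fails because
     * uid 1 has no mapping in this namespace and cannot become a kuid. */
    char path[] = "/tmp/userns-probe-XXXXXX";  /* constructed probe file */
    int fd = mkstemp(path);
    if (fd < 0)
        return -errno;
    close(fd);
    if (chown(path, 1, (gid_t)-1) < 0)
        r->chown_unmapped_errno = errno;
    unlink(path);

    /* Probe 2: CAP_SYS_ADMIN is in CapEff, but the mount namespace we still
     * live in is owned by the parent user namespace, so mount() refuses. */
    if (mount("none", "/", NULL, MS_REMOUNT, NULL) < 0)
        r->remount_errno = errno;

    return 0;
}

int main(void)
{
    struct userns_result r;
    int rc = probe_user_namespace(&r);
    if (rc < 0) {
        fprintf(stderr, "could not set up a user namespace: %s\n", strerror(-rc));
        return 1;
    }
    printf("euid outside=%u inside=%u CapEff=%016llx\n",
           (unsigned)r.euid_before, (unsigned)r.euid_inside, r.cap_eff);
    printf("chown to unmapped uid 1: %s\n", strerror(r.chown_unmapped_errno));
    printf("remount /: %s\n",
           r.remount_errno ? strerror(r.remount_errno) : "succeeded");
    return 0;
}
```

Run it as an ordinary user on a kernel with unprivileged user namespaces enabled. The interesting part is the contrast: the process is uid 0 with every capability bit set, and the kernel still turns both probes away, because neither the file's owner uid nor the mount namespace was created after the new user namespace and so neither falls under its authority. Adding CLONE_NEWNS to the unshare() call would make the remount succeed, but only on a mount namespace that is itself owned by the new user namespace.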

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds