On 09/11/2014 08:15 AM, Andy Lutomirski wrote:
> On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
> wrote:
>>
>> So, in the current draft of the setns(2) page, there is
>>
>> CLONE_NEWNS
>> ...
>> Since Linux 3.9, CLONE_NEWUSER also automatically implies
>>
On 09/11/2014 08:14 AM, Andy Lutomirski wrote:
> On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
> wrote:
>> Hi Eric,
>>
>> On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
Hi Andy, and Eric,
>>1. The writing process
On 09/11/2014 08:14 AM, Andy Lutomirski wrote:
On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Andy, and Eric,
1. The
On 09/11/2014 08:15 AM, Andy Lutomirski wrote:
On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
So, in the current draft of the setns(2) page, there is
CLONE_NEWNS
...
Since Linux 3.9, CLONE_NEWUSER also automatically implies
On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
wrote:
>
> So, in the current draft of the setns(2) page, there is
>
> CLONE_NEWNS
> ...
> Since Linux 3.9, CLONE_NEWUSER also automatically implies
> CLONE_FS.
>
> Does that cover your point? Or did you
On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
wrote:
> Hi Eric,
>
> On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>
>>> Hi Andy, and Eric,
>1. The writing process must have the CAP_SETUID (CAP_SETGID)
>
Hi Andy,
On 09/09/2014 12:26 PM, Andy Lutomirski wrote:
> On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman
> wrote:
>>
>> We may also want to discuss the specific restrictions on chroot.
>>
>> The text about chroot at least gives people a strong hint that the
>> chroot rules are affected by
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Andy, and Eric,
>>
>> On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
>>> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
>>> wrote:
Hello Eric et al.,
For
On 09/09/2014 08:51 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>> [...]
>>
>>
The initial user namespace has no parent namespace, but, for con‐
On 09/09/2014 09:16 AM, Eric W. Biederman wrote:
>>> On a related note. One thing that has come up recently (in 3 separate
>>> >> implementations) is that mount(MS_REMOUNT|...,...) must include all of
>>> >> the mount flags that need to be preserved. People creating read-only
>>> >> bind mounts
On 09/09/2014 08:49 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Eric,
>>
>> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
On 09/09/2014 08:49 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the
On 09/09/2014 08:51 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
[...]
The initial user namespace has no parent namespace, but, for
On 09/09/2014 09:16 AM, Eric W. Biederman wrote:
On a related note. One thing that has come up recently (in 3 separate
implementations) is that mount(MS_REMOUNT|...,...) must include all of
the mount flags that need to be preserved. People creating read-only
bind mounts tend to miss that
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hello Eric et
Hi Andy,
On 09/09/2014 12:26 PM, Andy Lutomirski wrote:
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman ebied...@xmission.com
wrote:
We may also want to discuss the specific restrictions on chroot.
The text about chroot at least gives people a strong hint that the
chroot rules are
On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
So, in the current draft of the setns(2) page, there is
CLONE_NEWNS
...
Since Linux 3.9, CLONE_NEWUSER also automatically implies
CLONE_FS.
Does that cover your point?
On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Andy, and Eric,
1. The writing process must have the CAP_SETUID
On Tue, Sep 9, 2014 at 12:26 PM, Andy Lutomirski wrote:
> On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman
> wrote:
>>
>> We may also want to discuss the specific restrictions on chroot.
>>
>> The text about chroot at least gives people a strong hint that the
>> chroot rules are affected by
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman wrote:
>
> We may also want to discuss the specific restrictions on chroot.
>
> The text about chroot at least gives people a strong hint that the
> chroot rules are affected by user namespaces.
>
> The restrictions that we have settled on to
"Michael Kerrisk (man-pages)" writes:
> Hi Eric,
>
>> On a related note. One thing that has come up recently (in 3 separate
>> implementations) is that mount(MS_REMOUNT|...,...) must include all of
>> the mount flags that need to be preserved. People creating read-only
>> bind mounts tend to
"Michael Kerrisk (man-pages)" writes:
> Hi Andy, and Eric,
>
> On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
>> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
>> wrote:
>>> Hello Eric et al.,
>>>
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table
"Michael Kerrisk (man-pages)" writes:
> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
> [...]
>
>
>>>The initial user namespace has no parent namespace, but, for con‐
>>>sistency, the kernel provides dummy user and group ID mapping
"Michael Kerrisk (man-pages)" writes:
> Hi Eric,
>
> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>
>>> Hello Eric et al.,
>>>
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table a while back. Nevertheless, the
Hi Eric,
> On a related note. One thing that has come up recently (in 3 separate
> implementations) is that mount(MS_REMOUNT|...,...) must include all of
> the mount flags that need to be preserved. People creating read-only
> bind mounts tend to miss that and the locked flags in mount
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
> wrote:
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a while now,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
[...]
>>The initial user namespace has no parent namespace, but, for con‐
>>sistency, the kernel provides dummy user and group ID mapping
>>files for this namespace. Looking
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
[...]
The initial user namespace has no parent namespace, but, for con‐
sistency, the kernel provides dummy user and group ID mapping
files for this
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages
Hi Eric,
On a related note. One thing that has come up recently (in 3 separate
implementations) is that mount(MS_REMOUNT|...,...) must include all of
the mount flags that need to be preserved. People creating read-only
bind mounts tend to miss that and the locked flags in mount namespaces.
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back.
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
[...]
The initial user namespace has no parent namespace, but, for con‐
sistency, the kernel provides dummy
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hello Eric et al.,
For various reasons, my work on the namespaces man
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Eric,
On a related note. One thing that has come up recently (in 3 separate
implementations) is that mount(MS_REMOUNT|...,...) must include all of
the mount flags that need to be preserved. People creating read-only
bind mounts
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman ebied...@xmission.com wrote:
We may also want to discuss the specific restrictions on chroot.
The text about chroot at least gives people a strong hint that the
chroot rules are affected by user namespaces.
The restrictions that we have
On Tue, Sep 9, 2014 at 12:26 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman ebied...@xmission.com
wrote:
We may also want to discuss the specific restrictions on chroot.
The text about chroot at least gives people a strong hint that the
"Michael Kerrisk (man-pages)" writes:
> On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table a while back. Nevertheless, the pages have
>>> been close to completion for a
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
wrote:
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an
On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a while now, and I
On 08/22/2014 11:12 PM, Serge E. Hallyn wrote:
> Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a
On 08/22/2014 11:12 PM, Serge E. Hallyn wrote:
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now,
On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now,
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now, and I recently
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been
"Michael Kerrisk (man-pages)" writes:
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an effort to finish them. As you
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now, and I recently restarted,
in an effort to finish
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an effort to
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now, and I recently restarted,
in an effort to finish
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now, and I recently restarted,
in an effort to finish them. As you also noted to me f2f, there have
recently been
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now, and I recently restarted,
in an effort to finish them. As you also noted to me f2f, there have
recently been
52 matches