Re: [PATCH v3 0/7] User namespace mount updates

2015-11-19 Thread Richard Weinberger
On 19.11.2015 at 15:37, Colin Walters wrote: > On Thu, Nov 19, 2015, at 02:53 AM, Richard Weinberger wrote: > >> Erm, I don't want this in the kernel. That's why I've proposed the lklfuse >> approach. > > I already said this before but just to repeat, since I'm

Re: [PATCH v3 0/7] User namespace mount updates

2015-11-18 Thread Richard Weinberger
On 19.11.2015 at 08:47, James Morris wrote: > On Wed, 18 Nov 2015, Richard Weinberger wrote: > >> On Wed, Nov 18, 2015 at 4:13 PM, Al Viro <v...@zeniv.linux.org.uk> wrote: >>> On Wed, Nov 18, 2015 at 09:05:12AM -0600, Seth Forshee wrote: >>> >>>

Re: [PATCH v3 0/7] User namespace mount updates

2015-11-17 Thread Richard Weinberger
On Tue, Nov 17, 2015 at 7:34 PM, Seth Forshee wrote: > On Tue, Nov 17, 2015 at 05:55:06PM +, Al Viro wrote: >> On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote: >> >> > Shortly after that I plan to follow with support for ext4. I've been >> > fuzzing

Re: [PATCH v3 0/7] User namespace mount updates

2015-11-17 Thread Richard Weinberger
On 17.11.2015 at 20:25, Octavian Purdila wrote: > On Tue, Nov 17, 2015 at 9:21 PM, Seth Forshee > <seth.fors...@canonical.com> wrote: >> >> On Tue, Nov 17, 2015 at 08:12:31PM +0100, Richard Weinberger wrote: >>> On Tue, Nov 17, 2015 at 7:34 PM, Seth Forshee >&

Re: [PATCH] userns/capability: Add user namespace capability

2015-10-19 Thread Richard Weinberger
On 19.10.2015 at 14:36, Yves-Alexis Perez wrote: > On Sun., 2015-10-18 at 20:41 -0500, Serge E. Hallyn wrote: >> We shouldn't need a long-term solution. Your concern is bugs. After >> some time surely we'll feel that we have achieved a stable solution? > > But this is actually the whole point:

Re: [PATCH] userns/capability: Add user namespace capability

2015-10-18 Thread Richard Weinberger
On 18.10.2015 at 22:41, Tobias Markus wrote: > On 18.10.2015 22:21, Richard Weinberger wrote: >> On 18.10.2015 at 22:13, Tobias Markus wrote: >>> On 17.10.2015 22:17, Richard Weinberger wrote: >>>> On Sat, Oct 17, 2015 at 5:58 PM, Tobias Markus <tob...@mig

Re: [PATCH] userns/capability: Add user namespace capability

2015-10-18 Thread Richard Weinberger
On 18.10.2015 at 22:13, Tobias Markus wrote: > On 17.10.2015 22:17, Richard Weinberger wrote: >> On Sat, Oct 17, 2015 at 5:58 PM, Tobias Markus <tob...@miglix.eu> wrote: >>> One question remains though: Does this break userspace executables that >>> expect bei

Re: [PATCH] userns/capability: Add user namespace capability

2015-10-17 Thread Richard Weinberger
On Sat, Oct 17, 2015 at 5:58 PM, Tobias Markus wrote: > One question remains though: Does this break userspace executables that > expect being able to create user namespaces without privilege? Since > creating user namespaces without CAP_SYS_ADMIN was not possible before >