sf...@users.sourceforge.net:
> Bhushan Jain:
> > Attached is a sample code that creates a user namespace and maps the un-pri=
> > vileged user to root within the namespace.=0A=
> > The user namespace can be used for sandboxing. Having aufs support within t=
> > he user namespace can help create a chroot environment where multiple direc=
> > tories are united into a single filesystem.=0A=
>
> Thanks for the sample code.
> Personally, user-ns is not attractive for me, at the same time I don't
> have strong objection. So I will merge your patch.
Intrestingly, very similar discussion happened on LKML.
See this and its thread.
Date: Tue, 16 Jul 2013 14:29:20 -0500
From: Serge Hallyn <serge.hal...@ubuntu.com>
Subject: [PATCH RFC] allow some kernel filesystems to be mounted
in a user namespace
The patch sets FS_USERNS_MOUNT for debugfs, fuse and securityfs.
But at the end of the thread, he wrote
Right so the specific problem this patch introduces is: An admin who is
using a distro kernel with these filesystems enabled but not mounted,
without this patch does not have to worry about unprivileged users being
able to access the fs. With this patch, he does.
Thanks everyone, I withdraw this patch.
If such problem really exists, it might be better for aufs NOT to set
FS_USERNS_MOUNT I suppose.
J. R. Okajima
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
