Ben Hutchings <[email protected]> writes: > On Tue, 2013-09-24 at 10:10 +0100, Andy Whitcroft wrote: >> On Mon, Sep 23, 2013 at 05:08:26PM -0500, Serge Hallyn wrote: >> > Hi, >> > >> > The final patches needed to resolve conflicts between XFS and user >> > namespaces are in 3.12. I've backported them to saucy at >> > >> > http://kernel.ubuntu.com/git?p=serge/ubuntu-saucy.git;a=summary # >> > m.sep23.xfs2 >> > >> > This has 7 patches cherrypicked from Linus' tree, one patch by >> > myself to add a sysctl, default off, to enable unprivileged use >> > of CLONE_NEWUSER, and a packaging patch to set CONFIG_USER_NS=y. >> >> These are pretty big patches to be bringing so late to the party. I am >> particularly concerned that you have missed the beta deadline so we will >> be shovelling this into the kernel after the majority of the testing has >> been completed. >> >> I assume we need these XFS patches because you cannot enable USER_NS at >> all without disabling XFS en-toto, an obvious no-no. What feature does >> this new code enable which would be lost if we don't have them. >> >> On the unpriveleged setup, I presume we are saying upstream will allow >> it by default, it is just us who are adding this possible cut off if >> there are issues? > [...] > > I was planning to include the same sort of knob when USER_NS is enabled > in Debian. I can probably just copy your patch now.
Grumble. Just kill the binary sysctl bits from that patch. I sent an email mentioning that the sysctl change didn't need to allocate any binary numbers but I think it may have been eaten by a grue. sysctl(2) bad, /proc/sys/ good. stabs sysctl(2) a few for more time to see if the corpse will disappear. Eric -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
