Quoting Ben Hutchings ([email protected]):
> On Mon, Sep 30, 2013 at 09:56:10AM -0700, Eric W. Biederman wrote:
> > Ben Hutchings <[email protected]> writes:
> >
> > > On Tue, 2013-09-24 at 10:10 +0100, Andy Whitcroft wrote:
> > >> On Mon, Sep 23, 2013 at 05:08:26PM -0500, Serge Hallyn wrote:
> > >> > Hi,
> > >> >
> > >> > The final patches needed to resolve conflicts between XFS and user
> > >> > namespaces are in 3.12. I've backported them to saucy at
> > >> >
> > >> > http://kernel.ubuntu.com/git?p=serge/ubuntu-saucy.git;a=summary
> > >> > # m.sep23.xfs2
> > >> >
> > >> > This has 7 patches cherrypicked from Linus' tree, one patch by
> > >> > myself to add a sysctl, default off, to enable unprivileged use
> > >> > of CLONE_NEWUSER, and a packaging patch to set CONFIG_USER_NS=y.
> > >>
> > >> These are pretty big patches to be bringing so late to the party. I am
> > >> particularly concerned that you have missed the beta deadline so we will
> > >> be shovelling this into the kernel after the majority of the testing has
> > >> been completed.
> > >>
> > >> I assume we need these XFS patches because you cannot enable USER_NS at
> > >> all without disabling XFS in toto, an obvious no-no. What feature does
> > >> this new code enable which would be lost if we don't have them.
> > >>
> > >> On the unprivileged setup, I presume we are saying upstream will allow
> > >> it by default, it is just us who are adding this possible cut off if
> > >> there are issues?
> > > [...]
> > >
> > > I was planning to include the same sort of knob when USER_NS is enabled
> > > in Debian. I can probably just copy your patch now.
> >
> > Grumble. Just kill the binary sysctl bits from that patch.
> >
> > I sent an email mentioning that the sysctl change didn't need to
> > allocate any binary numbers but I think it may have been eaten by a
> > grue.
>
> No, I've seen your email and I'm assuming the actual committed version
> won't have a binary sysctl.

Sorry I never fixed that. I've actually removed the sysctl from my
latest ppa kernel, as it is not something we want long-term. Though
if the rm/DOS issue is not addressed in the next few weeks (when I
next try to push it into our s+1 tree) I'll have to re-introduce it.

-serge

