On Thu, 2008-12-18 at 20:30 -0800, Matt Helsley wrote: > On Thu, 2008-12-18 at 10:54 -0800, Eric W. Biederman wrote: > > "Serge E. Hallyn" <se...@us.ibm.com> writes: > > > > > > > The uid check needs to be fixed for user namespaces, agreed. I could > > > go either way though on whether we should also restrict to the same > > > pidns. > > > > It would be a subtle unexpected semantic change, that we would need > > to copy linux-abi and document etc. I'm not convinced it is that > > useful. > > > > I'm inclined to keep the semantics pure until there is some real > > experience from the field on issues like this. > > Well the man page talks about PRIO_PROCESS and PRIO_PGRP and in those > cases it looks like "who" is really a pid or pgrp id: > > > The value which is one of PRIO_PROCESS, PRIO_PGRP, or PRIO_USER, > > and > > who is interpreted relative to which (a process identifier > > for > > PRIO_PROCESS, process group identifier for PRIO_PGRP, and a user ID > > for > > PRIO_USER). > > It looks to me like restricting by pidns is required if "which" is > PRIO_PROCESS or PRIO_PGRP. If "which" is PRIO_USER then yes, it sounds > like a user ns issue.
Eh, ignore me. Looks like this is already the case in the code. > Cheers, > -Matt Helsley _______________________________________________ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
