On 09/11/2014 08:15 AM, Andy Lutomirski wrote:
> On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
> wrote:
>>
>> So, in the current draft of the setns(2) page, there is
>>
>> CLONE_NEWNS
>> ...
>> Since Linux 3.9, CLONE_NEWUSER also automatically implies
>>
On 09/11/2014 08:14 AM, Andy Lutomirski wrote:
> On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
> wrote:
>> Hi Eric,
>>
>> On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
Hi Andy, and Eric,
>>1. The writing process
On 09/11/2014 08:14 AM, Andy Lutomirski wrote:
On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Andy, and Eric,
1. The
On 09/11/2014 08:15 AM, Andy Lutomirski wrote:
On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
So, in the current draft of the setns(2) page, there is
CLONE_NEWNS
...
Since Linux 3.9, CLONE_NEWUSER also automatically implies
On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
wrote:
>
> So, in the current draft of the setns(2) page, there is
>
> CLONE_NEWNS
> ...
> Since Linux 3.9, CLONE_NEWUSER also automatically implies
> CLONE_FS.
>
> Does that cover your point? Or did you
On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
wrote:
> Hi Eric,
>
> On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>
>>> Hi Andy, and Eric,
>1. The writing process must have the CAP_SETUID (CAP_SETGID)
>
Hi Andy,
On 09/09/2014 12:26 PM, Andy Lutomirski wrote:
> On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman
> wrote:
>>
>> We may also want to discuss the specific restrictions on chroot.
>>
>> The text about chroot at least gives people a strong hint that the
>> chroot rules are affected by
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Andy, and Eric,
>>
>> On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
>>> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
>>> wrote:
Hello Eric et al.,
For
On 09/09/2014 08:51 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>> [...]
>>
>>
The initial user namespace has no parent namespace, but, for con‐
On 09/09/2014 09:16 AM, Eric W. Biederman wrote:
>>> On a related note. One thing that has come up recently (in 3 separate
>>> >> implementations) is that mount(MS_REMOUNT|...,...) must include all of
>>> >> the mount flags that need to be preserved. People creating read-only
>>> >> bind mounts
On 09/09/2014 08:49 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Eric,
>>
>> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
On 09/09/2014 08:49 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the
On 09/09/2014 08:51 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
[...]
The initial user namespace has no parent namespace, but, for
On 09/09/2014 09:16 AM, Eric W. Biederman wrote:
On a related note. One thing that has come up recently (in 3 separate
implementations) is that mount(MS_REMOUNT|...,...) must include all of
the mount flags that need to be preserved. People creating read-only
bind mounts tend to miss that
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hello Eric et
Hi Andy,
On 09/09/2014 12:26 PM, Andy Lutomirski wrote:
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman ebied...@xmission.com
wrote:
We may also want to discuss the specific restrictions on chroot.
The text about chroot at least gives people a strong hint that the
chroot rules are
On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
So, in the current draft of the setns(2) page, there is
CLONE_NEWNS
...
Since Linux 3.9, CLONE_NEWUSER also automatically implies
CLONE_FS.
Does that cover your point?
On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Andy, and Eric,
1. The writing process must have the CAP_SETUID
On Tue, Sep 9, 2014 at 12:26 PM, Andy Lutomirski wrote:
> On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman
> wrote:
>>
>> We may also want to discuss the specific restrictions on chroot.
>>
>> The text about chroot at least gives people a strong hint that the
>> chroot rules are affected by
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman wrote:
>
> We may also want to discuss the specific restrictions on chroot.
>
> The text about chroot at least gives people a strong hint that the
> chroot rules are affected by user namespaces.
>
> The restrictions that we have settled on to
"Michael Kerrisk (man-pages)" writes:
> Hi Eric,
>
>> On a related note. One thing that has come up recently (in 3 separate
>> implementations) is that mount(MS_REMOUNT|...,...) must include all of
>> the mount flags that need to be preserved. People creating read-only
>> bind mounts tend to
"Michael Kerrisk (man-pages)" writes:
> Hi Andy, and Eric,
>
> On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
>> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
>> wrote:
>>> Hello Eric et al.,
>>>
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table
"Michael Kerrisk (man-pages)" writes:
> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
> [...]
>
>
>>>The initial user namespace has no parent namespace, but, for
>>>consistency, the kernel provides dummy user and group ID mapping
"Michael Kerrisk (man-pages)" writes:
> Hi Eric,
>
> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>
>>> Hello Eric et al.,
>>>
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table a while back. Nevertheless, the
Hi Eric,
> On a related note. One thing that has come up recently (in 3 separate
> implementations) is that mount(MS_REMOUNT|...,...) must include all of
> the mount flags that need to be preserved. People creating read-only
> bind mounts tend to miss that and the locked flags in mount
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
> wrote:
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a while now,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
[...]
>>The initial user namespace has no parent namespace, but, for
>>consistency, the kernel provides dummy user and group ID mapping
>>files for this namespace. Looking
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
[...]
The initial user namespace has no parent namespace, but, for
consistency, the kernel provides dummy user and group ID mapping
files for this
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages
Hi Eric,
On a related note. One thing that has come up recently (in 3 separate
implementations) is that mount(MS_REMOUNT|...,...) must include all of
the mount flags that need to be preserved. People creating read-only
bind mounts tend to miss that and the locked flags in mount namespaces.
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back.
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
[...]
The initial user namespace has no parent namespace, but, for
consistency, the kernel provides dummy
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hello Eric et al.,
For various reasons, my work on the namespaces man
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hi Eric,
On a related note. One thing that has come up recently (in 3 separate
implementations) is that mount(MS_REMOUNT|...,...) must include all of
the mount flags that need to be preserved. People creating read-only
bind mounts
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman ebied...@xmission.com wrote:
We may also want to discuss the specific restrictions on chroot.
The text about chroot at least gives people a strong hint that the
chroot rules are affected by user namespaces.
The restrictions that we have
On Tue, Sep 9, 2014 at 12:26 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman ebied...@xmission.com
wrote:
We may also want to discuss the specific restrictions on chroot.
The text about chroot at least gives people a strong hint that the
"Michael Kerrisk (man-pages)" writes:
> On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table a while back. Nevertheless, the pages have
>>> been close to completion for a
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
wrote:
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an
On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a while now, and I
On 08/22/2014 11:12 PM, Serge E. Hallyn wrote:
> Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a
On 08/22/2014 11:12 PM, Serge E. Hallyn wrote:
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now,
On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now,
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now, and I recently
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been
"Michael Kerrisk (man-pages)" writes:
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an effort to finish them. As you
Michael Kerrisk (man-pages) mtk.manpa...@gmail.com writes:
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now, and I recently restarted,
in an effort to finish
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an effort to
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
fell off the table a while back. Nevertheless, the pages have
been close to completion for a while now, and I recently restarted,
in an effort to finish
50 matches