Re: [lxc-devel] [RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-27 Thread Serge Hallyn
Quoting Michael H. Warfield (m...@wittsend.com): > On Tue, 2014-05-27 at 03:36 +0200, Serge E. Hallyn wrote: > > Quoting Michael H. Warfield (m...@wittsend.com): > > > On Mon, 2014-05-26 at 11:16 +0200, Seth Forshee wrote: > > > > On Fri, May 23, 2014 at 08:48:25AM +0300, Marian Marinov wrote: > >

Re: [lxc-devel] [RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-27 Thread Seth Forshee
On Mon, May 26, 2014 at 10:39:22PM -0400, Michael H. Warfield wrote: > On Tue, 2014-05-27 at 03:36 +0200, Serge E. Hallyn wrote: > > Quoting Michael H. Warfield (m...@wittsend.com): > > > On Mon, 2014-05-26 at 11:16 +0200, Seth Forshee wrote: > > > > On Fri, May 23, 2014 at 08:48:25AM +0300, Marian

Re: [lxc-devel] [RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-26 Thread Michael H. Warfield
On Tue, 2014-05-27 at 03:36 +0200, Serge E. Hallyn wrote: > Quoting Michael H. Warfield (m...@wittsend.com): > > On Mon, 2014-05-26 at 11:16 +0200, Seth Forshee wrote: > > > On Fri, May 23, 2014 at 08:48:25AM +0300, Marian Marinov wrote:

Re: [lxc-devel] [RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-26 Thread Serge E. Hallyn
Quoting Michael H. Warfield (m...@wittsend.com): > On Mon, 2014-05-26 at 11:16 +0200, Seth Forshee wrote: > > On Fri, May 23, 2014 at 08:48:25AM +0300, Marian Marinov wrote: > > > One question about this patch. > > > > > > Why don't

Re: [lxc-devel] [RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-26 Thread Seth Forshee
On Mon, May 26, 2014 at 11:32:05AM -0400, Michael H. Warfield wrote: > On Mon, 2014-05-26 at 11:16 +0200, Seth Forshee wrote: > > On Fri, May 23, 2014 at 08:48:25AM +0300, Marian Marinov wrote: > > > One question about this patch. > >

Re: [lxc-devel] [RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-26 Thread Michael H. Warfield
On Mon, 2014-05-26 at 11:16 +0200, Seth Forshee wrote: > On Fri, May 23, 2014 at 08:48:25AM +0300, Marian Marinov wrote: > > One question about this patch. > > > > Why don't you use the devices cgroup check if the root user in that > > na

Re: [RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-26 Thread Seth Forshee
On Fri, May 23, 2014 at 08:48:25AM +0300, Marian Marinov wrote: > One question about this patch. > > Why don't you use the devices cgroup check if the root user in that namespace > is allowed to use this device? > > This way you can be sure th

Re: [RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-22 Thread Marian Marinov
One question about this patch. Why don't you use the devices cgroup check if the root user in that namespace is allowed to use this device? This way you can be sure that the root in that namespace can not access devices to which the host system did

[RFC PATCH 11/11] loop: Allow priveleged operations for root in the namespace which owns a device

2014-05-14 Thread Seth Forshee
Signed-off-by: Seth Forshee --- drivers/block/loop.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 66bd938bcc1c..2cc19868ea0d 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -1074,7 +1074,7 @@ l
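
Review bot: the commit message consists of the Signed-off-by line alone, with no changelog text before the `---`. The subject says the change allows privileged loop operations for root in the namespace which owns a device, so the description should state which operations in drivers/block/loop.c are opened up and what check establishes ownership, so that the 9 insertions and 5 deletions can be reviewed against a stated intent.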