On Thu, 08.01.15 15:33, Stéphane Graber (stgra...@ubuntu.com) wrote:

> As far as I know there's no obvious way to detect this case (well,
> short of trying a bunch of restricted syscalls). The only way I'm
> aware of is by comparing the target of /proc/self/ns/user to that of
> /proc/<real host pid 1>/ns/user which is doable at the host level
> but isn't once you are in a container with your own pid namespace
> (which since we're talking about pid 1 systemd there can probably be
> assumed).

Hmm, if this is so unreliable to detect maybe we shouldn't after all.
Given that git is no longer fatally failing if it cannot write to oom
adjust I think all is good now?

> > [0]: <lwn.net/Articles/539940/>
> > [1]:
> >
> > [root@tomegun-x240 userns]# ./userns_child_exec -U -M '0 0 4294967295' -G '0 0 4294967295' bash
> > [root@tomegun-x240 userns]# mknod null b 1 3
> > mknod: ‘null’: Operation not permitted
> > [root@tomegun-x240 userns]# mount -t tmpfs none test/
> > mount: permission denied
> > [root@tomegun-x240 userns]# exit
> > exit
> > [root@tomegun-x240 userns]# mknod null b 1 3
> > [root@tomegun-x240 userns]# mount -t tmpfs none test/
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Lennart

--
Lennart Poettering, Red Hat