Quoting Martin Pitt (martin.p...@ubuntu.com):
> So would a namespace aware check for CAP_SYS_AUDIT say "no" then? (The
> audit subsystem isn't namespace aware right now.) What would such a check
> look like in userspace?

I suppose a namespace aware check for CAP_SYS_AUDIT would look like an
fcntl or something funky against an nsfs inode for a user namespace.
Going from an instantiated or abstract object (like an fd, a pathname,
a process id) to the relevant nsfs inode would be interesting.  I.e.
if one day we allow unpriv users to mknod /dev/null, then a check
for CAP_MKNOD against /dev/null might return true, while a check for
CAP_MKNOD against /dev/sda might return false.

This is interesting, but not likely to be ever implemented :)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576341

Title:
  fails in lxd container

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1576341/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
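As an added example (not code from the bug thread, nor from lvm2 or LXD), here is roughly what the closest thing to such a check looks like in userspace today, using only interfaces that do exist: capget(2) for the caller's effective set, the nsfs inode number of /proc/self/ns/user (the initial user namespace has the fixed inode PROC_USER_INIT_INO from include/linux/proc_ns.h), and the NS_GET_OWNER_UID ioctl on an nsfs fd (<linux/nsfs.h>, Linux 4.11+). The hypothetical fcntl from the message above does not exist; the example only combines "is the bit in my effective set" with "am I in the initial user namespace", which is the question a subsystem that is not namespace aware, such as audit, effectively asks via capable() against init_user_ns. The kernel's audit capabilities are CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL, so the example uses CAP_AUDIT_CONTROL; the helper names and the interpretation of the result are this example's own.

```c
/* Added example, not from the bug thread: approximate a "namespace aware"
 * capability check in userspace with existing interfaces. Linux only. */
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* nsfs inode of the initial user namespace (include/linux/proc_ns.h). */
#ifndef PROC_USER_INIT_INO
#define PROC_USER_INIT_INO 0xEFFFFFFDU
#endif
/* From <linux/nsfs.h> (Linux 4.11+): owner uid of a user namespace fd. */
#ifndef NS_GET_OWNER_UID
#define NS_GET_OWNER_UID _IO(0xb7, 0x4)
#endif

/* Bit test on an effective set as laid out by capget(2) version 3:
 * capabilities 0..31 live in word 0, 32..63 in word 1. */
static bool cap_set_has(const uint32_t eff[2], int cap)
{
    if (cap < 0 || cap >= 64)
        return false;
    return (eff[cap / 32] >> (cap % 32)) & 1u;
}

/* Effective capability set of the calling thread via raw capget(2). */
static bool get_effective_caps(uint32_t eff[2])
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return false;
    eff[0] = data[0].effective;
    eff[1] = data[1].effective;
    return true;
}

static bool has_effective_cap(int cap)
{
    uint32_t eff[2] = { 0, 0 };
    return get_effective_caps(eff) && cap_set_has(eff, cap);
}

/* Inode of the nsfs object behind a /proc/<pid>/ns/* path; 0 on error. */
static ino_t ns_inode(const char *nspath)
{
    struct stat st;
    return stat(nspath, &st) == 0 ? st.st_ino : 0;
}

static bool is_init_user_ns_ino(ino_t ino)
{
    return ino == PROC_USER_INIT_INO;
}

/* Owner uid of the user namespace at nspath, mapped into the caller's user
 * namespace; -1 on error (pre-4.11 kernel, not a user namespace, EPERM). */
static int ns_owner_uid(const char *nspath)
{
    uid_t uid = (uid_t)-1;
    int fd = open(nspath, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int rc = ioctl(fd, NS_GET_OWNER_UID, &uid);
    int saved = errno;
    close(fd);
    errno = saved;
    return rc == 0 ? (int)uid : -1;
}

/* A subsystem that is not namespace aware (audit) checks the capability
 * against init_user_ns. Inside an unprivileged container the effective bit
 * is set but does not satisfy such a check, so require both conditions. */
static bool cap_effective_in_init_ns(int cap)
{
    return has_effective_cap(cap)
        && is_init_user_ns_ino(ns_inode("/proc/self/ns/user"));
}

int main(void)
{
    ino_t ino = ns_inode("/proc/self/ns/user");
    printf("user ns inode %lu (%s), owner uid %d\n", (unsigned long)ino,
           is_init_user_ns_ino(ino) ? "initial" : "child, e.g. an LXD container",
           ns_owner_uid("/proc/self/ns/user"));
    printf("CAP_AUDIT_CONTROL in effective set: %d, usable against init ns: %d\n",
           has_effective_cap(CAP_AUDIT_CONTROL),
           cap_effective_in_init_ns(CAP_AUDIT_CONTROL));
    return 0;
}
```

Run it as root on the host and then as root inside an unprivileged LXD container: the effective bit is set in both, but only the host run reports the initial user namespace, which is the difference the bug is about. Note that NS_GET_OWNER_UID answers a different question (which uid on the outside owns this namespace) and is useful mostly for the "from an object to the relevant user namespace" step mentioned above; it needs a 4.11+ kernel and returns -1 here otherwise.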
