On Fri, 08 Jun 2007 17:14:07 +0200 Cedric Le Goater <[EMAIL PROTECTED]> wrote:
> Basically, it will allow a process to unshare its user_struct table, resetting > at the same time its own user_struct and all the associated accounting. > > A new root user (uid == 0) is added to the user namespace upon creation. Such > root users have full privileges and it seems that theses privileges should be > controlled through some means (process capabilities ?) This second paragraph is distressingly indecisive. How much thought has gone into this?? For a start, it seems wrong for the kernel to hardwire knowledge about UID 0 in this fashion. I'd have thought that a better model for user-namespace unsharing would be to do a copy-by-value of the entire namespace, then permit a suitably-privileged application to go through and kill off any unwanted users from the now-unshared user namespace. Or maybe just remove that "Insert new root user" altogether? What would then go wrong? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
