Simple tool using user namespaces to build containers

2013-07-12 Thread Chris Webb
Prompted by the merge of support for user namespaces in recent kernels, I've written a couple of simple standalone tools that use them together with mount, PID and other namespaces to implement containers. I've put these utilities up here in case they're of use to anyone else, and also as demonstr

Re: Building a BSD-jail clone out of namespaces

2013-06-27 Thread Chris Webb
Chris Webb writes: > Prompted by the new userns support merged in the 3.8/3.9 kernels, I've been > playing with namespaces and trying to understand how I could use them to > build containers to replace some of my uses of qemu-kvm virtual machines. I now have most things working a

Re: Building a BSD-jail clone out of namespaces

2013-06-07 Thread Chris Webb
"Eric W. Biederman" writes: > It is a wider issue. Capabilities cover most of places in the kernel > where the kernel tests if you have privilege but there are other > filesystems like devtmpfs, and the occasional silly piece of kernel > code that should be using capabilities but is not. Beyond

Re: Building a BSD-jail clone out of namespaces

2013-06-06 Thread Chris Webb
"Eric W. Biederman" writes: > Hmm. I guess it depends on how your VM is reading them. If it is > blocked based access to the filesystem you have a problem. If the VM > is effectively NFS mounting the filesystem you can do all kinds of > things. > > It is possible to just change the user name

Re: Building a BSD-jail clone out of namespaces

2013-06-06 Thread Chris Webb
"Eric W. Biederman" writes: > That will work, but you really don't want to run with uid == 0 mapped to > uid == 0. There are too many things in /proc and /sys and similar that > grant access to uid == 0. Many thanks for the swift reply. If I map UID zero in the userns to a non-zero UID outside

Building a BSD-jail clone out of namespaces

2013-06-06 Thread Chris Webb
Prompted by the new userns support merged in the 3.8/3.9 kernels, I've been playing with namespaces and trying to understand how I could use them to build containers to replace some of my uses of qemu-kvm virtual machines. I've successfully created a fakeroot-type container running as an unprivile
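The "fakeroot-type container" described in this post, and the UID-mapping advice in the reply above (do not map UID 0 inside the namespace to UID 0 outside), can be reproduced with a few system calls. The following is an added example written for this page; it is not Chris Webb's tool and not code from the thread. It assumes a Linux kernel with user namespaces enabled and an unprivileged caller: without the newuidmap/newgidmap helpers, an unprivileged process may write only a single-line map of its own effective UID and GID, so inner 0 is mapped onto the caller's real identity. The function and helper names (enter_fakeroot_userns, format_id_map, write_proc_file) are this example's own. The setgroups step is needed on kernels newer than those discussed in the thread and is skipped when the file is absent.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Build one "<inner> <outer> <count>" line in the format the kernel accepts
 * in /proc/<pid>/uid_map and gid_map. Returns the line length, or -1 if the
 * buffer is too small. */
static int format_id_map(char *buf, size_t size, uid_t inner, uid_t outer,
                         unsigned count)
{
    int n = snprintf(buf, size, "%u %u %u\n", (unsigned)inner,
                     (unsigned)outer, count);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return n;
}

/* Write a whole buffer to a /proc file in a single write(2); the id_map
 * files reject partial or repeated writes. Returns 0 or -1 with errno set. */
static int write_proc_file(const char *path, const char *data, size_t len)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, data, len);
    int saved = errno;
    close(fd);
    if (w != (ssize_t)len) {
        errno = saved;
        return -1;
    }
    return 0;
}

/* Enter a new user namespace in which this process is UID/GID 0, with
 * inner 0 mapped onto the caller's unprivileged UID/GID outside.
 * Refuses (returns -2) when the caller is already UID 0, because a 0 -> 0
 * mapping is exactly the setup the thread warns against.
 * Returns 0 on success, -1 with errno set on failure. */
int enter_fakeroot_userns(void)
{
    uid_t outer_uid = geteuid();
    gid_t outer_gid = getegid();
    char map[64];
    int n;

    if (outer_uid == 0)
        return -2;

    if (unshare(CLONE_NEWUSER) != 0)
        return -1;

    /* Kernels from 3.19 on require setgroups to be denied before an
     * unprivileged process may write gid_map. The file does not exist on
     * the 3.8/3.9 kernels discussed in the thread, so ENOENT is not an error. */
    if (write_proc_file("/proc/self/setgroups", "deny", 4) != 0 &&
        errno != ENOENT)
        return -1;

    n = format_id_map(map, sizeof map, 0, outer_uid, 1);
    if (n < 0 || write_proc_file("/proc/self/uid_map", map, (size_t)n) != 0)
        return -1;

    n = format_id_map(map, sizeof map, 0, outer_gid, 1);
    if (n < 0 || write_proc_file("/proc/self/gid_map", map, (size_t)n) != 0)
        return -1;

    return 0;
}

int main(void)
{
    uid_t before = geteuid();
    int r = enter_fakeroot_userns();
    if (r == -2) {
        fprintf(stderr, "refusing to map uid 0 onto real uid 0; "
                        "run this as an unprivileged user\n");
        return 1;
    }
    if (r != 0) {
        perror("enter_fakeroot_userns");
        return 1;
    }
    printf("outside uid %u, inside uid %u gid %u\n", (unsigned)before,
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

After a successful call the process sees itself as root and holds a full capability set, but only within the new namespace: any kernel check that compares against a kuid still sees the original unprivileged UID, which is the property the mapping advice is meant to preserve. A real container would follow this with unshare of the mount, PID and other namespaces, as the posts above describe.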

Re: [PATCH] bnx2: update bnx2-mips-09 firmware to bnx2-mips-09-6.2.1b

2012-07-13 Thread Chris Webb
Eric Dumazet writes: > Have you read firmware/README.AddingFirmware ? I hadn't, but now I have, and if firmware upgrades are considered 'adding new firmware', I agree this patch is wrong, and should have just removed the obsolete bnx2-mips-09-6.2.1a file that is no longer used by the bnx2 driver