Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-06 Thread Serge E. Hallyn
Quoting Eric W. Biederman (ebied...@xmission.com): > "Serge E. Hallyn" writes: > > > Quoting Daniel P. Berrange (berra...@redhat.com): > >> From: "Daniel P. Berrange" > >> > >> The following commit > >> > >> commit cf3f89214ef6a33fad60856bc5ffd7bb2fc4709b > >> Author: Daniel Lezcano >

Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-06 Thread Serge E. Hallyn
Quoting Serge Hallyn (se...@hallyn.com): > Eric, > > during the container reboot discussion, the agreement was reached that > rebooting for real from non-init pid ns is not safe. Restarting userspace > (in pidns caller owns) is. I argue the same reasoning supports this. > > I haven't had a ch

Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-06 Thread Eric W. Biederman
"Serge E. Hallyn" writes: > Quoting Daniel P. Berrange (berra...@redhat.com): >> From: "Daniel P. Berrange" >> >> The following commit >> >> commit cf3f89214ef6a33fad60856bc5ffd7bb2fc4709b >> Author: Daniel Lezcano >> Date: Wed Mar 28 14:42:51 2012 -0700 >> >> pidns: add re

Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-06 Thread Serge E. Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): > From: "Daniel P. Berrange" > > The following commit > > commit cf3f89214ef6a33fad60856bc5ffd7bb2fc4709b > Author: Daniel Lezcano > Date: Wed Mar 28 14:42:51 2012 -0700 > > pidns: add reboot_pid_ns() to handle the reboot sysc

Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-04 Thread Serge Hallyn
Eric, during the container reboot discussion, the agreement was reached that rebooting for real from non-init pid ns is not safe. Restarting userspace (in pidns caller owns) is. I argue the same reasoning supports this. I haven't had a chance to review the patch, but the idea gets my ack. I'

Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-03 Thread Eric W. Biederman
"Daniel P. Berrange" wrote: >On Fri, Aug 03, 2012 at 05:45:40AM -0700, Eric W. Biederman wrote: >> The solution is to use user namespaces and to only test ns_capable on >the magic reboot path. >> >> For the 3.7 timeframe that should be a realistic solution. > >Hmm, that would imply that if LXC w

Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-03 Thread Daniel P. Berrange
On Fri, Aug 03, 2012 at 05:45:40AM -0700, Eric W. Biederman wrote: > The solution is to use user namespaces and to only test ns_capable on the > magic reboot path. > > For the 3.7 timeframe that should be a realistic solution. Hmm, that would imply that if LXC wants to allow reboot()/CAP_SYS_BOO

Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-03 Thread Eric W. Biederman
The solution is to use user namespaces and to only test ns_capable on the magic reboot path. For the 3.7 timeframe that should be a realistic solution. Eric

Re: [PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-03 Thread richard -rw- weinberger
On Fri, Aug 3, 2012 at 12:53 PM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" > > The following commit > > commit cf3f89214ef6a33fad60856bc5ffd7bb2fc4709b > Author: Daniel Lezcano > Date: Wed Mar 28 14:42:51 2012 -0700 > > pidns: add reboot_pid_ns() to handle the rebo

[PATCH] Forbid invocation of kexec_load() outside initial PID namespace

2012-08-03 Thread Daniel P. Berrange
From: "Daniel P. Berrange" The following commit commit cf3f89214ef6a33fad60856bc5ffd7bb2fc4709b Author: Daniel Lezcano Date: Wed Mar 28 14:42:51 2012 -0700 pidns: add reboot_pid_ns() to handle the reboot syscall introduced custom handling of the reboot() syscall when invoked