On Wed, 2014-12-03 at 10:49 -0600, Eric W. Biederman wrote:
> Ian Kent writes:
>
> > On Mon, 2014-12-01 at 16:56 -0500, Benjamin Coddington wrote:
> >> On Tue, 25 Nov 2014, Eric W. Biederman wrote:
> >> Hi,
> >>
> >> > Ian Kent writes:
> >> >
> >> > > On Tue, 2014-11-25 at 17:19 -0600, Eric W. B
On Wed, 2014-12-03 at 10:49 -0600, Eric W. Biederman wrote:
>
> >> > Those are the general parameters.
> >>
> >> It does seem very expensive to keep a thread around for every mount; I'm
> >> still trying to find a way around it..
> >
> > Yeah, that's not such a good idea.
> >
> > Several hundred
On Wed, 3 Dec 2014, Eric W. Biederman wrote:
> Ian Kent writes:
>
> > On Mon, 2014-12-01 at 16:56 -0500, Benjamin Coddington wrote:
> >> On Tue, 25 Nov 2014, Eric W. Biederman wrote:
> >> Hi,
> >>
> >> > Ian Kent writes:
> >> >
> >> > > On Tue, 2014-11-25 at 17:19 -0600, Eric W. Biederman wrote
Ian Kent writes:
> On Mon, 2014-12-01 at 16:56 -0500, Benjamin Coddington wrote:
>> On Tue, 25 Nov 2014, Eric W. Biederman wrote:
>> Hi,
>>
>> > Ian Kent writes:
>> >
>> > > On Tue, 2014-11-25 at 17:19 -0600, Eric W. Biederman wrote:
>> > >> Ian Kent writes:
>> > >>
>> > >> > On Tue, 2014-11-25
On Mon, 2014-12-01 at 16:56 -0500, Benjamin Coddington wrote:
> On Tue, 25 Nov 2014, Eric W. Biederman wrote:
> Hi,
>
> > Ian Kent writes:
> >
> > > On Tue, 2014-11-25 at 17:19 -0600, Eric W. Biederman wrote:
> > >> Ian Kent writes:
> > >>
> > >> > On Tue, 2014-11-25 at 16:23 -0600, Eric W. Biede
On Tue, 25 Nov 2014, Eric W. Biederman wrote:
Hi,
> Ian Kent writes:
>
> > On Tue, 2014-11-25 at 17:19 -0600, Eric W. Biederman wrote:
> >> Ian Kent writes:
> >>
> >> > On Tue, 2014-11-25 at 16:23 -0600, Eric W. Biederman wrote:
> >> >> Oleg Nesterov writes:
> >> >>
> >> >> > On 11/25, Oleg Nest
On Tue, 2014-11-25 at 17:27 -0600, Eric W. Biederman wrote:
>
> > How does one correctly set the namespace in user space since each of
> > the /proc//ns/ will use a slightly different
> > proc_ns_operations install function?
> >
> > Are we saying that, for example, if open(/proc//ns/pid)/setns()
I didn't have time to follow this thread today, will try tomorrow.
Perhaps this was already answered...
On 11/26, Ian Kent wrote:
>
> On Tue, 2014-11-25 at 22:52 +0100, Oleg Nesterov wrote:
> >
> > and probably we also need this for coredump helpers, we want them
> > to be per-namespace.
>
> To sa
On Wed, Nov 26, 2014 at 09:00:11AM -0600, Eric W. Biederman wrote:
> David Howells writes:
>
> > Eric W. Biederman wrote:
> >
> >> Ian if we were to merge this I believe you would win the award for
> >> easiest path to a root shell.
> >
> > Is there any particular reason the upcalled program has
David Howells writes:
> Eric W. Biederman wrote:
>
>> Ian if we were to merge this I believe you would win the award for
>> easiest path to a root shell.
>
> Is there any particular reason the upcalled program has to be run as root?
> Could the kernel not run it as something else - perhaps the c
Eric W. Biederman wrote:
> Ian if we were to merge this I believe you would win the award for
> easiest path to a root shell.
Is there any particular reason the upcalled program has to be run as root?
Could the kernel not run it as something else - perhaps the caller's UID,GID
or even something
Ian Kent writes:
> On Tue, 2014-11-25 at 17:19 -0600, Eric W. Biederman wrote:
>> Ian Kent writes:
>>
>> > On Tue, 2014-11-25 at 16:23 -0600, Eric W. Biederman wrote:
>> >> Oleg Nesterov writes:
>> >>
>> >> > On 11/25, Oleg Nesterov wrote:
>> >> >>
>> >> >> Let me first apologize, I didn't ac
On Wed, 2014-11-26 at 07:50 +0800, Ian Kent wrote:
> >
> > If we are going to set this stuff up in the kernel we need a reference
> > process that we can create children of because what is possible with
> > respect to containers keeps changing, and it is extremely error prone to
> > figure out wha
On Tue, 2014-11-25 at 17:19 -0600, Eric W. Biederman wrote:
> Ian Kent writes:
>
> > On Tue, 2014-11-25 at 16:23 -0600, Eric W. Biederman wrote:
> >> Oleg Nesterov writes:
> >>
> >> > On 11/25, Oleg Nesterov wrote:
> >> >>
> >> >> Let me first apologize, I didn't actually read this series yet.
Ian Kent writes:
> On Tue, 2014-11-25 at 22:52 +0100, Oleg Nesterov wrote:
>> Let me first apologize, I didn't actually read this series yet.
>>
>> But I have to admit that so far I do not like this approach...
>> probably I am biased.
>
> Oleg, thanks for your comments.
>
>>
>> On 11/25, Ian K
Ian Kent writes:
> On Tue, 2014-11-25 at 16:23 -0600, Eric W. Biederman wrote:
>> Oleg Nesterov writes:
>>
>> > On 11/25, Oleg Nesterov wrote:
>> >>
>> >> Let me first apologize, I didn't actually read this series yet.
>> >>
>> >> But I have to admit that so far I do not like this approach...
>
On Tue, 2014-11-25 at 23:06 +0100, Oleg Nesterov wrote:
> On 11/25, Oleg Nesterov wrote:
> >
> > Let me first apologize, I didn't actually read this series yet.
> >
> > But I have to admit that so far I do not like this approach...
> > probably I am biased.
>
> Yes.
>
> And I have another concern
On Tue, 2014-11-25 at 16:23 -0600, Eric W. Biederman wrote:
> Oleg Nesterov writes:
>
> > On 11/25, Oleg Nesterov wrote:
> >>
> >> Let me first apologize, I didn't actually read this series yet.
> >>
> >> But I have to admit that so far I do not like this approach...
> >> probably I am biased.
>
On Tue, 2014-11-25 at 22:52 +0100, Oleg Nesterov wrote:
> Let me first apologize, I didn't actually read this series yet.
>
> But I have to admit that so far I do not like this approach...
> probably I am biased.
Oleg, thanks for your comments.
>
> On 11/25, Ian Kent wrote:
> >
> > The call_use
Oleg Nesterov writes:
> On 11/25, Oleg Nesterov wrote:
>>
>> Let me first apologize, I didn't actually read this series yet.
>>
>> But I have to admit that so far I do not like this approach...
>> probably I am biased.
>
> Yes.
>
> And I have another concern... this is mostly a feeling, I can be
On 11/25, Oleg Nesterov wrote:
>
> Let me first apologize, I didn't actually read this series yet.
>
> But I have to admit that so far I do not like this approach...
> probably I am biased.
Yes.
And I have another concern... this is mostly a feeling, I can be
easily wrong but:
> On 11/25, Ian Ke
Let me first apologize, I didn't actually read this series yet.
But I have to admit that so far I do not like this approach...
probably I am biased.
On 11/25, Ian Kent wrote:
>
> The call_usermodehelper() function executes all binaries in the
> global "init" root context. This doesn't allow a bin
22 matches