On 09/11/2014 08:15 AM, Andy Lutomirski wrote:
> On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
> wrote:
>>
>> So, in the current draft of the setns(2) page, there is
>>
>> CLONE_NEWNS
>> ...
>> Since Linux 3.9, CLONE_NEWUSER also automatically implies
>>
On 09/11/2014 08:14 AM, Andy Lutomirski wrote:
> On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
> wrote:
>> Hi Eric,
>>
>> On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
Hi Andy, and Eric,
>>1. The writing process m
On Thu, Sep 11, 2014 at 7:47 AM, Michael Kerrisk (man-pages)
wrote:
>
> So, in the current draft of the setns(2) page, there is
>
> CLONE_NEWNS
> ...
> Since Linux 3.9, CLONE_NEWUSER also automatically implies
> CLONE_FS.
>
> Does that cover your point? Or did you mea
On Thu, Sep 11, 2014 at 7:46 AM, Michael Kerrisk (man-pages)
wrote:
> Hi Eric,
>
> On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>
>>> Hi Andy, and Eric,
>1. The writing process must have the CAP_SETUID (CAP_SETGID)
> cap
Hi Andy,
On 09/09/2014 12:26 PM, Andy Lutomirski wrote:
> On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman
> wrote:
>>
>> We may also want to discuss the specific restrictions on chroot.
>>
>> The text about chroot at least gives people a strong hint that the
>> chroot rules are affected by use
Hi Eric,
On 09/09/2014 09:05 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Andy, and Eric,
>>
>> On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
>>> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
>>> wrote:
Hello Eric et al.,
For variou
On 09/09/2014 08:51 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>> [...]
>>
>>
The initial user namespace has no parent namespace, but, for con‐
sisten
On 09/09/2014 09:16 AM, Eric W. Biederman wrote:
>>> On a related note. One thing that has come up recently (in 3 separate
>>> >> implementations) is that mount(MS_REMOUNT|...,...) must include all of
>>> >> the mount flags that need to be preserved. People creating read-only
>>> >> bind mounts t
On 09/09/2014 08:49 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hi Eric,
>>
>> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" writes:
>>>
Hello Eric et al.,
For various reasons, my work on the namespaces man pages
On Tue, Sep 9, 2014 at 12:26 PM, Andy Lutomirski wrote:
> On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman
> wrote:
>>
>> We may also want to discuss the specific restrictions on chroot.
>>
>> The text about chroot at least gives people a strong hint that the
>> chroot rules are affected by use
On Tue, Sep 9, 2014 at 9:05 AM, Eric W. Biederman wrote:
>
> We may also want to discuss the specific restrictions on chroot.
>
> The text about chroot at least gives people a strong hint that the
> chroot rules are affected by user namespaces.
>
> The restrictions that we have settled on to avoid
"Michael Kerrisk (man-pages)" writes:
> Hi Eric,
>
>> On a related note. One thing that has come up recently (in 3 separate
>> implementations) is that mount(MS_REMOUNT|...,...) must include all of
>> the mount flags that need to be preserved. People creating read-only
>> bind mounts tend to mi
"Michael Kerrisk (man-pages)" writes:
> Hi Andy, and Eric,
>
> On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
>> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
>> wrote:
>>> Hello Eric et al.,
>>>
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table a
"Michael Kerrisk (man-pages)" writes:
> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
> [...]
>
>
>>>The initial user namespace has no parent namespace, but, for con‐
>>>sistency, the kernel provides dummy user and group ID mapping
"Michael Kerrisk (man-pages)" writes:
> Hi Eric,
>
> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>
>>> Hello Eric et al.,
>>>
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table a while back. Nevertheless, the pages
Hi Eric,
> On a related note. One thing that has come up recently (in 3 separate
> implementations) is that mount(MS_REMOUNT|...,...) must include all of
> the mount flags that need to be preserved. People creating read-only
> bind mounts tend to miss that and the locked flags in mount namespace
Hi Andy, and Eric,
On 09/01/2014 01:57 PM, Andy Lutomirski wrote:
> On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
> wrote:
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been c
Hi Eric,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a while now,
On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
[...]
>>The initial user namespace has no parent namespace, but, for con‐
>>sistency, the kernel provides dummy user and group ID mapping
>>files for this namespace. Looking at
"Michael Kerrisk (man-pages)" writes:
> On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
>> "Michael Kerrisk (man-pages)" writes:
>>> For various reasons, my work on the namespaces man pages
>>> fell off the table a while back. Nevertheless, the pages have
>>> been close to completion for a wh
On Wed, Aug 20, 2014 at 4:36 PM, Michael Kerrisk (man-pages)
wrote:
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an effort
On 08/30/2014 11:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a while now, and I rece
On 08/22/2014 11:12 PM, Serge E. Hallyn wrote:
> Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a whi
"Michael Kerrisk (man-pages)" writes:
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an effort to finish them. As you also
Quoting Michael Kerrisk (man-pages) (mtk.manpa...@gmail.com):
> Hello Eric et al.,
>
> For various reasons, my work on the namespaces man pages
> fell off the table a while back. Nevertheless, the pages have
> been close to completion for a while now, and I recently restarted,
> in an effort to f
25 matches