On Mon, Nov 6, 2017 at 6:39 PM, Serge E. Hallyn wrote:
> Quoting Boris Lukashev (blukas...@sempervictus.com):
>> On Mon, Nov 6, 2017 at 5:14 PM, Serge E. Hallyn wrote:
>> > Quoting Daniel Micay (danielmi...@gmail.com):
>> >> Substantial added attack surface will nev
or what a specific implementation may or may not
do, and only looking at "how do we reduce privileged impact on parent
context from unprivileged namespaces," this patch does seem to provide
a logical way of reducing the privileges available in such a namespace
and often needed to mount escapes/impact parent context.
-Boris
--
Boris Lukashev
Systems Architect
Semper Victus
