From: ebiederm@xmission.com (Eric W. Biederman)
To: "Serge E. Hallyn"
Cc: Richard Weinberger, LKML, "open list:ABI/API", Linux Containers, LXC development mailing-list, Tejun Heo, cgroups mailinglist, Andrew Morton
Subject: Re: CGroup Namespaces (v4)
Date: Wed, 18 Nov 2015 03:18:44 -0600
Message-ID: <87r3jnfyx7.fsf@x220.int.ebiederm.org>

"Serge E. Hallyn" writes:

> On Mon, Nov 16, 2015 at 04:24:27PM -0600, Eric W. Biederman wrote:
>> Similarly have you considered what it required to be able to safely set
>> FS_USERNS_MOUNT?
>
> I pushed the one patch which I feel is needed to my branch (it's also
> included in another reply). Aditya had already added FS_USERNS_MOUNT to
> the cgroup fs flags, so I think we're now all set. I can start
> unprivileged containers which mount cgroupfs (which make systemd happy).

In principle that sounds very good, and I am glad to see that.

Let's hold off on merging the unprivileged part until everything else is
reviewed and merged and we have performed an extra hard look at the
security implications as it can be easy to overlook something when
relaxing the permissions.

Eric