Date: Wed, 18 Nov 2015 09:43:06 -0600
From: "Serge E. Hallyn"
To: "Eric W. Biederman"
Cc: "Serge E. Hallyn", Richard Weinberger, Richard Weinberger, LKML, "open list:ABI/API", Linux Containers, LXC development mailing-list, Tejun Heo, cgroups mailinglist, Andrew Morton
Subject: Re: CGroup Namespaces (v4)
Message-ID: <20151118154306.GA24719@mail.hallyn.com>
In-Reply-To: <87r3jnfyx7.fsf@x220.int.ebiederm.org>

On Wed, Nov 18, 2015 at 03:18:44AM -0600, Eric W. Biederman wrote:
> "Serge E. Hallyn" writes:
>
> > On Mon, Nov 16, 2015 at 04:24:27PM -0600, Eric W. Biederman wrote:
> >> Similarly have you considered what it required to be able to safely set
> >> FS_USERNS_MOUNT?
> >
> > I pushed the one patch which I feel is needed to my branch (it's also
> > included in another reply). Aditya had already added FS_USERNS_MOUNT to
> > the cgroup fs flags, so I think we're now all set. I can start
> > unprivileged containers which mount cgroupfs (which make systemd happy).
>
> In principle that sounds very good, and I am glad to see that.
>
> Let's hold off on merging the unprivileged part until everything else is
> reviewed and merged and we have performed an extra hard look at the
> security implications as it can be easy to overlook something when
> relaxing the permissions.

I'll break out the FS_USERNS_MOUNT flag into the very last patch.