Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934312AbcCHAZB (ORCPT ); Mon, 7 Mar 2016 19:25:01 -0500 Received: from mail-oi0-f42.google.com ([209.85.218.42]:34678 "EHLO mail-oi0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934304AbcCHAYm (ORCPT ); Mon, 7 Mar 2016 19:24:42 -0500 MIME-Version: 1.0 In-Reply-To: <87lh5t7ryo.fsf@x220.int.ebiederm.org> References: <20160306082820.GA1917@mail.hallyn.com> <87oaar2ryz.fsf@x220.int.ebiederm.org> <87lh5t7ryo.fsf@x220.int.ebiederm.org> From: Andy Lutomirski Date: Mon, 7 Mar 2016 16:24:21 -0800 Message-ID: Subject: Re: user namespace and fully visible proc and sys mounts To: "Eric W. Biederman" Cc: "Serge E. Hallyn" , Serge Hallyn , Seth Forshee , lkml , =?UTF-8?Q?St=C3=A9phane_Graber?= Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 849 Lines: 18 On Mon, Mar 7, 2016 at 4:07 PM, Eric W. Biederman wrote: > Andy Lutomirski writes: > >> On a related note, can we *please* find a way to constrain namespace >> creation in a way that might satisfy the RHEL crowd? > > I am not certain to what you are referrring. > > As long as folks are willing to work with me I am happy to help design > and design something that makes things better for everyone. If someone > pushes hard, suggestes crappy patches, and does not listen to > constructive feedback I will shoot their patches down (especially when I > am sick and tired as I have been more than I would like this development > cycle). I think we should add some mechanism that will allow the right to create various namespaces to be constrained in a useful and usable manner. I'll start a new thread.