To: "linux-kernel@vger.kernel.org"
From: Enrico Weigelt
Subject: plan9 semantics on Linux - mount namespaces
Organization: metux IT consult
Message-ID: <0f058286-a432-379b-f559-f2fe713807ab@metux.net>
Date: Tue, 13 Feb 2018 22:12:25 +0000

Hi folks,

I'm currently trying to implement plan9 semantics on Linux and am still
sorting out how to do the mount namespace handling.

On plan9, any unprivileged process can create its own namespace and
mount/bind at will, while on Linux this requires CAP_SYS_ADMIN.

What is the reason for not allowing arbitrary users to create their
own private mount namespace? What could go wrong here?

IMHO, we could allow mount/bind under the following conditions:

* the process is in a private mount namespace
* no suid-flag is honored (either force all mounts to nosuid or
  completely mask it out)
* only certain whitelisted filesystems allowed (e.g. 9P and FUSE)

Maybe all of that could be enabled by a new capability.

Any suggestions?

--mtx

-- 
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@metux.net -- +49-151-27565287
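
A userspace model of the three conditions proposed in the mail above, added here as an illustration; it is not code from the original mail or from the Linux kernel. The function name, its signature, and the choice to let bind mounts skip the filesystem-type check are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>   /* MS_NOSUID, MS_BIND */

/* Whitelist from the mail (9P and FUSE), using the Linux fs type names. */
static const char *const allowed_fs[] = { "9p", "fuse" };

/*
 * Hypothetical policy check for an unprivileged mount request.
 *   private_ns: caller has already unshared its mount namespace
 *   fstype:     filesystem type string (may be NULL for bind mounts)
 *   flags:      MS_* flags as they would be passed to mount(2)
 * Returns the flags to apply (always including MS_NOSUID) on success,
 * or -EPERM when one of the proposed conditions is not met.
 */
long unpriv_mount_flags(bool private_ns, const char *fstype,
                        unsigned long flags)
{
    /* Condition 1: only inside a private mount namespace. */
    if (!private_ns)
        return -EPERM;

    /* Condition 3: whitelisted filesystems only.
     * Assumption: a bind mount carries no fstype, so it skips this check. */
    if (!(flags & MS_BIND)) {
        bool ok = false;
        size_t n = sizeof(allowed_fs) / sizeof(allowed_fs[0]);
        for (size_t i = 0; i < n; i++)
            if (fstype && strcmp(fstype, allowed_fs[i]) == 0)
                ok = true;
        if (!ok)
            return -EPERM;
    }

    /* Condition 2: never honor suid, whatever the caller asked for. */
    return (long)(flags | MS_NOSUID);
}

int main(void)
{
    printf("9p in private ns   -> %ld\n", unpriv_mount_flags(true, "9p", 0));
    printf("ext4 in private ns -> %ld\n", unpriv_mount_flags(true, "ext4", 0));
    printf("9p in shared ns    -> %ld\n", unpriv_mount_flags(false, "9p", 0));
    return 0;
}
```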