Subject: Re: plan9 semantics on Linux - mount namespaces
From: Enrico Weigelt
Organization: metux IT consult
To: Aleksa Sarai
Cc: "linux-kernel@vger.kernel.org", Linux Containers
Date: Wed, 14 Feb 2018 00:01:49 +0000
Message-ID: <39b08c53-3449-3164-c1b1-44ac587dd4ea@metux.net>
In-Reply-To: <20180213222751.p3fyg7whg6jqlzz5@gordon>
X-Mailing-List: linux-kernel@vger.kernel.org

On 13.02.2018 22:27, Aleksa Sarai wrote:

> You can do this by creating a new user namespace (CLONE_NEWUSER), which
> then gives you the required permissions to create other namespaces
> (CLONE_NEWNS). This is how "rootless containers" or unprivileged
> containers operate.

Hmm, unshare -U doesn't work for me (even as root). But docker works, so
user namespaces should be working. Any idea what could be wrong?

--mtx

--
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@metux.net -- +49-151-27565287
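
The sequence from the quoted reply (CLONE_NEWUSER first, then CLONE_NEWNS), as an added example that is not part of the original thread: it tries the mount namespace with and without a preceding user namespace and reports which call failed and with which errno. The names `probe_mount_ns`, `ns_result` and the `NS_*` stages are this example's own.

```c
#include <errno.h>
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWNS */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stage names are this example's own, not kernel or util-linux identifiers. */
enum { NS_OK, NS_FAIL_USERNS, NS_FAIL_MNTNS, NS_FAIL_SETUP };
struct ns_result { int stage; int err; };

/* Raw syscall, so the example does not depend on feature-test macro order. */
static int do_unshare(unsigned long flags) { return (int)syscall(SYS_unshare, flags); }

/* Try to create a mount namespace in a forked child, optionally creating a
 * user namespace first. The caller's own namespaces are never changed. */
static struct ns_result probe_mount_ns(int via_userns) {
    struct ns_result r = { NS_FAIL_SETUP, 0 };
    int p[2];
    if (pipe(p) != 0) { r.err = errno; return r; }
    pid_t pid = fork();
    if (pid < 0) { r.err = errno; close(p[0]); close(p[1]); return r; }
    if (pid == 0) {
        struct ns_result c = { NS_OK, 0 };
        if (via_userns && do_unshare(CLONE_NEWUSER) != 0) {
            c.stage = NS_FAIL_USERNS; c.err = errno;
        } else if (do_unshare(CLONE_NEWNS) != 0) {
            c.stage = NS_FAIL_MNTNS; c.err = errno;
        }
        _exit(write(p[1], &c, sizeof c) == (ssize_t)sizeof c ? 0 : 1);
    }
    close(p[1]);
    if (read(p[0], &r, sizeof r) != (ssize_t)sizeof r) { r.stage = NS_FAIL_SETUP; r.err = EIO; }
    close(p[0]);
    waitpid(pid, NULL, 0);
    return r;
}

int main(void) {
    static const char *names[] = { "ok", "unshare(CLONE_NEWUSER) failed",
                                   "unshare(CLONE_NEWNS) failed", "setup failed" };
    for (int via = 0; via <= 1; via++) {
        struct ns_result r = probe_mount_ns(via);
        printf("%s: %s%s%s\n", via ? "CLONE_NEWUSER then CLONE_NEWNS" : "CLONE_NEWNS only",
               names[r.stage], r.err ? ": " : "", r.err ? strerror(r.err) : "");
    }
    return 0;
}
```

Run as an unprivileged user, the first line normally shows the mount namespace being refused and the second shows it succeeding once the user namespace exists; when the user namespace step itself fails, the reported errno is the starting point for finding out why.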