Subject: Re: plan9 semantics on Linux - mount namespaces
To: Richard Weinberger
Cc: Aleksa Sarai, Linux Containers, "linux-kernel@vger.kernel.org"
From: Enrico Weigelt
Organization: metux IT consult
Date: Wed, 14 Feb 2018 18:21:12 +0100
X-Mailing-List: linux-kernel@vger.kernel.org

On 14.02.2018 16:17, Richard Weinberger wrote:
> From taking a *very* quick look into busybox source, I suspect this should fix
> it:
>
> diff --git a/util-linux/unshare.c b/util-linux/unshare.c > index 875e3f86e304..3f59cf4d27c2 100644 > --- a/util-linux/unshare.c > +++ b/util-linux/unshare.c
> @@ -350,9 +350,9 @@ int unshare_main(int argc UNUSED_PARAM, char **argv) > * in that user namespace. > */ > xopen_xwrite_close(PATH_PROC_SETGROUPS, "deny"); > - sprintf(uidmap_buf, "%u 0 1", (unsigned)reuid); > + sprintf(uidmap_buf, "0 %u 1", (unsigned)reuid); > xopen_xwrite_close(PATH_PROC_UIDMAP, uidmap_buf); > - sprintf(uidmap_buf, "%u 0 1", (unsigned)regid); > + sprintf(uidmap_buf, "0 %u 1", (unsigned)regid); > xopen_xwrite_close(PATH_PROC_GIDMAP, uidmap_buf); > } else > if (setgrp_str) { >

hmm, now it works, but only when strace'ing it. that's really strange.

But still I wonder whether user_ns really solves my problem, as I don't
want to create sandboxed users, but only private namespaces just like
on Plan9.

--mtx

--
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@metux.net -- +49-151-27565287
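
Review bot: the two changed sprintf() lines need a comment stating the uid_map/gid_map field order, because nothing in the hunk says which column is the ID inside the new namespace and which is the ID outside it. The kernel reads each map line as "<ID inside namespace> <ID in parent namespace> <length>", so "0 %u 1" maps ID 0 inside the namespace to the caller's reuid/regid, while the old "%u 0 1" asked for parent ID 0 to be mapped. A one-line comment above the first sprintf() would keep the arguments from being swapped again. As a smaller style point, uidmap_buf is also used for the PATH_PROC_GIDMAP write, so a neutral buffer name would make the second write read less like a copy-paste slip.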