Date: Thu, 15 Feb 2018 07:39:33 +1100
From: Aleksa Sarai
To: Enrico Weigelt
Cc: Richard Weinberger, Linux Containers, linux-kernel@vger.kernel.org
Subject: Re: plan9 semantics on Linux - mount namespaces
Message-ID: <20180214203933.55yraxue7hpup65x@gordon>

On 2018-02-14, Enrico Weigelt wrote:
> But still I wonder whether user_ns really solves my problem, as I don't
> want to create sandboxed users, but only private namespaces just like
> on Plan9.

On Linux you need to have CAP_SYS_ADMIN (in the user_ns that owns your
current mnt_ns) in order to mount anything, and to create any namespaces
(in your current user_ns). So, in order to use the functionality of
mnt_ns (the ability to create mounts only a subset of processes can see)
as an unprivileged user, you need to use user_ns.

(Note there is an additional restriction, namely that a mnt_ns that was
set up in the non-root user_ns cannot mount any filesystems that do not
have the FS_USERNS_MOUNT option set. This is also for security, as
exposing the kernel filesystem parser to arbitrary data by unprivileged
users wasn't deemed to be a safe thing to do. The unprivileged FUSE work
that Richard linked to will likely be useful for pushing FS_USERNS_MOUNT
into more filesystems -- like 9p.)

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
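The behaviour described in the reply above, as an added example that is not part of the original message: a child process unshares a user_ns and a mnt_ns together, mounts tmpfs (which sets FS_USERNS_MOUNT) over /tmp, and then asks for an ext4 mount, which the kernel refuses. The marker path, the helper names and the return codes are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>
#define MARKER "/tmp/userns-demo-marker" /* constructed path, assumed unused on the host */

/* "0 <outside_id> 1": the caller's id becomes id 0 inside the new user_ns. */
int format_idmap(char *buf, size_t n, unsigned outside_id) {
    return snprintf(buf, n, "0 %u 1", outside_id);
}

static int put(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    int ok = fd >= 0 && write(fd, s, strlen(s)) == (ssize_t)strlen(s);
    if (fd >= 0) close(fd);
    return ok ? 0 : -1;
}

/* Child: exit code 201..204 names a failed setup step, else errno of the ext4 mount. */
static int child(void) {
    char umap[32], gmap[32];
    format_idmap(umap, sizeof umap, getuid());
    format_idmap(gmap, sizeof gmap, getgid());
    /* The new mnt_ns is owned by the new user_ns, where we hold CAP_SYS_ADMIN. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS)) return 201;
    put("/proc/self/setgroups", "deny"); /* must precede an unprivileged gid_map write */
    if (put("/proc/self/uid_map", umap) || put("/proc/self/gid_map", gmap)) return 202;
    /* tmpfs sets FS_USERNS_MOUNT, so this mount needs no privilege on the host. */
    if (mount("tmpfs", "/tmp", "tmpfs", 0, NULL)) return 203;
    if (creat(MARKER, 0600) < 0) return 204;
    /* ext4 lacks FS_USERNS_MOUNT: expect EPERM (ENODEV if ext4 is not available). */
    return mount("none", "/tmp", "ext4", 0, NULL) ? errno : 0;
}

/* <0: setup failed (-1: no user_ns), -5: mount leaked to caller; >0: errno of ext4 mount. */
int private_mount_demo(void) {
    int st;
    pid_t pid = fork();
    if (pid == 0) _exit(child());
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -6;
    if (WEXITSTATUS(st) > 200) return 200 - WEXITSTATUS(st);
    /* The marker is on the child's private tmpfs; the caller must not see it. */
    return access(MARKER, F_OK) == 0 ? -5 : WEXITSTATUS(st);
}
int main(void) { printf("result: %d\n", private_mount_demo()); return 0; }
```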