Date: Wed, 11 May 2005 18:07:00 +0100
From: Jamie Lokier <jamie@shareable.org>
To: "Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>" 
	<7eggert@gmx.de>
Cc: Miklos Szeredi <miklos@szeredi.hu>, ericvh@gmail.com,
       linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
       smfrench@austin.rr.com, hch@infradead.org
Subject: Re: [RCF] [PATCH] unprivileged mount/umount
Message-ID: <20050511170700.GC2141@mail.shareable.org>
References: <406SQ-5P9-5@gated-at.bofh.it> <40rNB-6p8-3@gated-at.bofh.it> <40t37-7ol-5@gated-at.bofh.it> <42VeB-8hG-3@gated-at.bofh.it> <42WNo-1eJ-17@gated-at.bofh.it> <E1DVuHG-0006YJ-Q7@be1.7eggert.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E1DVuHG-0006YJ-Q7@be1.7eggert.dyndns.org>
User-Agent: Mutt/1.4.1i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 970
Lines: 25

Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org> wrote:
> > How about a new clone option "CLONE_NOSUID"?
> 
> IMO, the clone call ist the wrong place to create namespaces. It should be
> deprecated by a mkdir/chdir-like interface.

And the mkdir/chdir interface already exists, see "cd /proc/NNN/root".

There are some small quirks to fix, should we decide that's the way to
go.  But it's basically there.

File descriptors keep track of the namespace (actually vfsmnt) where
they were opened.  Today, if you pass a directory file descriptor from
one process to another, you're granting access to see the other's
namespace.

That's why /proc/NNN/root works (with small fixes) in much the way
you'd expect.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/