Subject: Re: [PATCH 0/3] Introduce user namespace capabilities
From: "Jarkko Sakkinen"
To: "John Johansen", "Jonathan Calmels", "Casey Schaufler"
Cc: "Luis Chamberlain", "Kees Cook", "Joel Granados", "Serge Hallyn", "Paul Moore", "James Morris", "David Howells"
Date: Tue, 21 May 2024 17:12:16 +0300
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: aerc 0.17.0
References: <20240516092213.6799-1-jcalmels@3xx0.net> <2804dd75-50fd-481c-8867-bc6cea7ab986@schaufler-ca.com> <1b0d222a-b556-48b0-913f-cdd5c30f8d27@canonical.com>
In-Reply-To: <1b0d222a-b556-48b0-913f-cdd5c30f8d27@canonical.com>

On Tue May 21, 2024 at 4:57 PM EEST, John Johansen wrote:
> > One tip: I think this is the wrong forum to present namespace ideas in the
> > first place. It would be probably better to talk about this with e.g.
> > systemd or podman developers, and similar groups. There's zero evidence
> > of the usefulness. Then when you go that route and come back with actual
> > users, things click much more easily. Now this is all in the void.
> >
> > BR, Jarkko
>
> Jarkko,
>
> this is very much the right forum. User namespaces exist today. This
> is a discussion around trying to reduce the exposed kernel surface
> that is being used to attack the kernel.

Agreed, that was a harsh way to put it.

What I mean is that if this feature was included, would it be enabled by
distributions? This user base part or potential user space part is not
very well described in the cover letter. I.e. "motivation" to put it
short.

I mean the technical details are really in detail in this patch set but
it would help to digest them if there was some even rough description of
how this would be deployed. If the motivation should be obvious, then it
is beyond me, and thus it would be nice if that obvious thing was stated
that everyone else gets.

E.g. I like to sometimes just test quite alien patch sets for the sake of
learning and fun (or not so fun, depends) but this patch set does not
deliver enough information to do anything at all.

Hope this clears a bit where I stand.

IMHO a good patch set should bring the details to the specialists on the
topic but also have some wider audience motivational stuff in order to
make clear where it fits in this world :-)

BR, Jarkko