From: Javier Martinez Canillas
To: linux-kernel@vger.kernel.org
Cc: Daniel Lezcano, "Eric W . Biederman", javier@dowhile0.org, Christian Brauner, Javier Martinez Canillas, Andrew Morton, "Gustavo A. R. Silva", Masahiro Yamada, Nhat Pham, Petr Mladek, Randy Dunlap, Vincent Guittot, Yoann Congal
Subject: [PATCH] userns: Default to 'yes' when CONFIG_MEMCG option is enabled
Date: Fri, 24 May 2024 10:24:16 +0200
Message-ID: <20240524082434.657573-1-javierm@redhat.com>

The default value for the CONFIG_USER_NS Kconfig symbol changed over time.

When it was first introduced by commit acce292c82d4 ("user namespace: add the framework"), the default was 'no'. But then it was changed to 'yes' if the CONFIG_NAMESPACES option was enabled, by commit 17a6d4411a4d ("namespaces: default all the namespaces to 'yes' when CONFIG_NAMESPACES is selected").

Then, commit 5673a94c1457 ("userns: Add a Kconfig option to enforce strict kuid and kgid type checks") changed the default to 'no' again and selected the (now defunct) UIDGID_STRICT_TYPE_CHECKS option.

This selected option was removed by commit 261000a56b63 ("userns: Remove UIDGID_STRICT_TYPE_CHECKS"), but the CONFIG_USER_NS default was left as 'no'.

Finally, commit e11f0ae388f2 ("userns: Recommend use of memory control groups") added to the Kconfig symbol's help text a recommendation that the memory control groups should be used, to limit the amount of memory that a user who can create user namespaces can consume.

Looking at the changes' history, a default to 'yes' when the CONFIG_MEMCG option is enabled seems like a sane thing to do. Especially since systemd requires user namespaces support for services that use the PrivateUsers= property in their unit files (e.g. the UPower daemon).

Signed-off-by: Javier Martinez Canillas --- init/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/init/Kconfig b/init/Kconfig index 72404c1f2157..208e2f500ef0 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1239,6 +1239,7 @@ config IPC_NS config USER_NS bool "User namespace" + default y if MEMCG default n help This allows containers, i.e. vservers, to use user namespaces -- 2.45.1
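
Review bot: The new `default y if MEMCG` line in `config USER_NS` keys the default on memcg being compiled in, while the rationale cited in the commit message (commit e11f0ae388f2) is about memory limits actually being applied to users who can create user namespaces; MEMCG=y on its own sets no limit. Since the hunk changes the default without touching the help text, consider extending the help text to say that the option now defaults to 'y' when MEMCG is enabled and that limits still have to be configured, so that anyone building from defaults sees the change in exposure. As a smaller point, the retained `default n` is now only the fallback; a bool symbol without a matching default is already 'n', so the line could be dropped, or kept deliberately for explicitness.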