Re: [PATCH -mm 0/7] execns syscall and user namespace

From: Cedric Le Goater
Date: Tue Jul 11 2006 - 04:40:39 EST

Next message: Andrew Morton: "Re: [PATCH -mm 1/2] swsusp: clean up browsing of pfns"
Previous message: Samuel Ortiz: "Re: [PATCH]resend: unaligned access in irda protocol stack"
In reply to: Arjan van de Ven: "Re: [PATCH -mm 0/7] execns syscall and user namespace"
Next in thread: H. Peter Anvin: "Re: [PATCH -mm 0/7] execns syscall and user namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Arjan van de Ven wrote:

> how does this interact with the unshare() syscall ?

it complements unshare(). The purpose of this syscall is to unshare a
namespace after the process has been flushed.

> can the unshare syscall be rigged up such that you have the same effect?

We need a clean context with no reference in other namespaces to make
unshare safe. It seemed easier to add an improved execve() with an extra
flag than to modify unshare() to make it flush the old exec.

Now, that does not make unshare() useless. It's perfectly acceptable for
uts namespace. But IMO, it's dangerous for ipc namespace and user namespace
which are more complex because they have references all over the place :
network with socket, mm for shmem, files for accounting.

thanks,

C.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH -mm 1/2] swsusp: clean up browsing of pfns"
Previous message: Samuel Ortiz: "Re: [PATCH]resend: unaligned access in irda protocol stack"
In reply to: Arjan van de Ven: "Re: [PATCH -mm 0/7] execns syscall and user namespace"
Next in thread: H. Peter Anvin: "Re: [PATCH -mm 0/7] execns syscall and user namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]