Re: [PATCH -mm 5/7] add user namespace

From: Serge E. Hallyn
Date: Thu Jul 13 2006 - 17:40:23 EST


Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> Dave Hansen <haveblue@xxxxxxxxxx> writes:
>
> > On Thu, 2006-07-13 at 12:14 -0600, Eric W. Biederman wrote:
> >> Maybe. I really think the sane semantics are in a different uid namespace.
> >> So you can't assume uids are the same. Otherwise you can't handle open
> >> file descriptors or files passed through unix domain sockets.
> >
> > Eric, could you explain this a little bit more? I'm not sure I
> > understand the details of why this is a problem?
>
> Very simply.
>
> In the presence of a user namespace,
> all comparisons of user equality need to be of the tuple (user namespace, user id).
> Any comparison that does not do that is an optimization.
>
> Because you can have access to files created in another user namespace it
> is very unlikely that optimization will apply very frequently. The easy scenario
> to get access to a file descriptor from another context is to consider unix
> domain sockets.

What does that have to do with uids? If you receive an fd, uids don't
matter in any case. The only permission checks which happen are LSM
hooks, which should be uid-agnostic.

-serge
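
The fd-passing scenario discussed in this thread, as an added example that is not part of the original message or of the patch set: a child opens a file, clears its mode bits, unlinks it, and passes the descriptor over a unix domain socket with SCM_RIGHTS; the parent then reads through the received descriptor without ever calling open(), so the open-time owner/mode comparison is not repeated on its side. The function names, temp-file path and "hello" payload are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* send_fd/recv_fd move one descriptor over a unix socket as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd) {
    _Alignas(struct cmsghdr) char byte = 'x', ctl[CMSG_SPACE(sizeof(int))] = { 0 };
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl, .msg_controllen = sizeof ctl };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

static int recv_fd(int sock) {
    _Alignas(struct cmsghdr) char byte, ctl[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl, .msg_controllen = sizeof ctl };
    int fd = -1;
    if (recvmsg(sock, &msg, 0) != 1) return -1;           /* EOF or error: nothing was passed */
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);                 /* a new descriptor in this process */
    return fd;
}

/* Child creates and passes the file; parent reads it through the received fd only. */
ssize_t read_via_passed_fd(char *out, size_t len) {
    int sv[2], fd;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char path[] = "/tmp/scm_demo_XXXXXX";             /* constructed sample file */
        if ((fd = mkstemp(path)) < 0 || pwrite(fd, "hello", 5, 0) != 5) _exit(1);
        fchmod(fd, 0); unlink(path);                      /* mode 0000 and no name left */
        _exit(send_fd(sv[1], fd) != 0);
    }
    close(sv[1]);                                         /* a failed child now reads as EOF */
    fd = recv_fd(sv[0]);
    close(sv[0]); waitpid(pid, NULL, 0);
    ssize_t n = fd < 0 ? -1 : read(fd, out, len);
    if (fd >= 0) close(fd);
    return n;
}
```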