Re: plan9 semantics on Linux - mount namespaces

[Enrico Weigelt]

On 14.02.2018 12:30, Richard Weinberger wrote:
> On Wed, Feb 14, 2018 at 12:27 PM, Enrico Weigelt <lkml@xxxxxxxxx> wrote:
> > On 14.02.2018 11:24, Aleksa Sarai wrote:
> >
> > > What distribution are you using and which release?
> >
> >
> > On a self-compiled system.
> >
> > Forgot to enable namespaces in the kernel. Now it seems to work
> > as root, but not as an unprivileged user:
> >
> >
> > daemon@alphabox:~ unshare -r -U
> > unshare: can't open '/proc/self/setgroups': Permission denied
> > daemon@alphabox:~ unshare -f -r -U
> > unshare: can't open '/proc/self/setgroups': Permission denied
>
> Please read http://man7.org/linux/man-pages/man7/user_namespaces.7.html
> setgroups is a corner case and needs special care.

I'm still confused. Does the unshare program do something wrong here ?

Anyways, I doubt that user namespaces help solving my problem.

What I'd like to achieve is that processes can manipulate their private 
namespace at will and mount other filesystems (primarily 9p and fuse).

For that, I need to get rid of setuid (and per-file caps) for these
private namespaces.


--mtx

--
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@xxxxxxxxx -- +49-151-27565287