Re: [PATCH -mm 5/7] add user namespace
From: Dave Hansen
Date: Fri Jul 14 2006 - 12:34:09 EST
On Fri, 2006-07-14 at 09:13 -0600, Eric W. Biederman wrote:
> Already mentioned but. rw permissions on sensitive files are for
> uid == 0. No capability checks are performed.
I'd also like to point out that we can do this whole process very
incrementally. If we want, we can start out with all containers
chroot'd into a filesystem namespace which uses read-only bind mounts
and doesn't allow any write access to the underlying filesystem.
As we introduce the capability checks, we can start to actually
cooperatively share more data.
-- Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/