Re: [PATCH 1/2] user namespaces: let user_ns be cloned with fairsched
From: Serge E. Hallyn
Date: Mon Dec 08 2008 - 11:15:19 EST
Quoting James Morris (jmorris@xxxxxxxxx):
> On Wed, 3 Dec 2008, Serge E. Hallyn wrote:
>
> > (These two patches are in the next-unacked branch of
> > git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/userns-2.6.
> > If they get some ACKs, then I hope to feed this into security-next.
> > After these two, I think we're ready to tackle userns+capabilities)
> >
> > Fairsched creates a per-uid directory under /sys/kernel/uids/.
> > So when you clone(CLONE_NEWUSER), it tries to create
> > /sys/kernel/uids/0, which already exists, and you get back
> > -ENOMEM.
> >
> > This was supposed to be fixed by sysfs tagging, but that
> > was postponed (ok, rejected until sysfs locking is fixed).
> > So, just as with network namespaces, we just don't create
> > those directories for user namespaces other than the init.
> >
> > Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
>
> Applied to
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
Thanks, James. I talked about patch 1 with Dhaval, and while he's ok
with the patch he (rightfully) thought there should be some extra
documentation. If it's not too much trouble, would you mind swapping
out patch 1 for the following? (Otherwise I can send a new patch on
top of the original.)
thanks,
-serge