patchset to enable user namespaces

Ben Hutchings ben at decadent.org.uk
Mon Sep 30 18:18:08 UTC 2013


On Mon, Sep 30, 2013 at 09:56:10AM -0700, Eric W. Biederman wrote:
> Ben Hutchings <ben at decadent.org.uk> writes:
> 
> > On Tue, 2013-09-24 at 10:10 +0100, Andy Whitcroft wrote:
> >> On Mon, Sep 23, 2013 at 05:08:26PM -0500, Serge Hallyn wrote:
> >> > Hi,
> >> > 
> >> > The final patches needed to resolve conflicts between XFS and user
> >> > namespaces are in 3.12.  I've backported them to saucy at
> >> > 
> >> > 	http://kernel.ubuntu.com/git?p=serge/ubuntu-saucy.git;a=summary # m.sep23.xfs2
> >> > 
> >> > This has 7 patches cherrypicked from Linus' tree, one patch by
> >> > myself to add a sysctl, default off, to enable unprivileged use
> >> > of CLONE_NEWUSER, and a packaging patch to set CONFIG_USER_NS=y.
> >> 
> >> These are pretty big patches to be bringing so late to the party.  I am
> >> particularly concerned that you have missed the beta deadline so we will
> >> be shovelling this into the kernel after the majority of the testing has
> >> been completed.
> >> 
> >> I assume we need these XFS patches because you cannot enable USER_NS at
> >> all without disabling XFS in toto, an obvious no-no.  What feature does
> >> this new code enable which would be lost if we don't have them.
> >> 
> >> On the unprivileged setup, I presume we are saying upstream will allow
> >> it by default, it is just us who are adding this possible cut off if
> >> there are issues?
> > [...]
> >
> > I was planning to include the same sort of knob when USER_NS is enabled
> > in Debian.  I can probably just copy your patch now.
> 
> Grumble.  Just kill the binary sysctl bits from that patch.
>
> I sent an email mentioning that the sysctl change didn't need to
> allocate any binary numbers but I think it may have been eaten by a
> grue.

No, I've seen your email and I'm assuming the actual committed version
won't have a binary sysctl.

Ben.
 
> sysctl(2) bad, /proc/sys/ good. Stabs sysctl(2) a few more times to
> see if the corpse will disappear.


-- 
Ben Hutchings
Theory and practice are closer in theory than in practice.
                                - John Levine, moderator of comp.compilers
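The knob under discussion is a sysctl, default off, that gates unprivileged CLONE_NEWUSER, and the thread's advice is to expose it only through /proc/sys/, never via sysctl(2) binary numbers. The following probe is an added example, not code from Serge's patchset or from the Ubuntu/Debian kernels: it reads the knob through /proc/sys/ and then tries unshare(CLONE_NEWUSER) in a forked child, so an admin can confirm from userspace what the running kernel actually permits. The knob path `/proc/sys/kernel/unprivileged_userns_clone` is an assumption; the thread never names the sysctl, and a kernel built without the patch will simply not have the file.

```c
/* Added example (not from the thread): check whether this kernel lets an
 * unprivileged process create a user namespace, reading the distro knob
 * through /proc/sys/ rather than the deprecated sysctl(2) interface. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* ASSUMED path: the thread only says "a sysctl, default off". */
#define USERNS_KNOB "/proc/sys/kernel/unprivileged_userns_clone"

/* Parse a /proc/sys boolean such as "0\n" or "1\n".
 * Returns 0 or 1, or -1 if the text is not a single 0/1 value. */
int parse_knob_value(const char *text)
{
    char *end;
    long v;

    if (text == NULL || *text == '\0')
        return -1;
    errno = 0;
    v = strtol(text, &end, 10);
    if (errno != 0 || end == text)
        return -1;
    while (*end == ' ' || *end == '\n')
        end++;
    if (*end != '\0' || v < 0 || v > 1)
        return -1;
    return (int)v;
}

/* Read the knob via the /proc/sys/ file. Returns 0/1, or -1 when the file
 * is absent (kernel without the patch) or unreadable. */
int read_userns_knob(const char *path)
{
    char buf[32];
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return -1;
    if (fgets(buf, sizeof buf, f) == NULL) {
        fclose(f);
        return -1;
    }
    fclose(f);
    return parse_knob_value(buf);
}

/* Attempt unshare(CLONE_NEWUSER) in a child so the caller's own namespace
 * is untouched. Returns 0 if the child entered a new user namespace,
 * otherwise the child's errno (EPERM when the knob or a seccomp policy
 * refuses, EINVAL/ENOSYS when the kernel lacks CONFIG_USER_NS). */
int probe_unprivileged_userns(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return errno;
    if (pid == 0) {
        if (unshare(CLONE_NEWUSER) == 0)
            _exit(0);
        _exit(errno & 0xff);   /* errno values fit in an exit status */
    }
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    if (!WIFEXITED(status))
        return EINTR;          /* child killed, e.g. by a seccomp filter */
    return WEXITSTATUS(status);
}

int main(void)
{
    int knob = read_userns_knob(USERNS_KNOB);
    int rc = probe_unprivileged_userns();

    if (knob < 0)
        printf("%s: not present on this kernel\n", USERNS_KNOB);
    else
        printf("%s = %d\n", USERNS_KNOB, knob);
    if (rc == 0)
        printf("unshare(CLONE_NEWUSER) allowed for uid %u\n", (unsigned)getuid());
    else
        printf("unshare(CLONE_NEWUSER) refused: %s\n", strerror(rc));
    return 0;
}
```

Run it as an ordinary user: with the knob present and set to 0 the probe should report EPERM; if it reports success while the knob reads 0, the process has a capability (CAP_SYS_ADMIN) that bypasses the knob, which is exactly the case the default-off setting is meant to protect.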