"Serge E. Hallyn" <se...@us.ibm.com> writes:

> Quoting Eric W. Biederman (ebied...@xmission.com):
>> "Serge E. Hallyn" <se...@us.ibm.com> writes:
>>
>> >> - Introduce ns_capable to test for a capability in a non-default
>> >>   user namespace.
>> >> - Teach cap_capable to handle capabilities in a non-default
>> >>   user namespace.
>> >
>> > So yeah, I didn't address the whole has_capability junk. Feh.
>>
>> That just fell out...
>>
>> > So do you intend to tag all namespaces with the userns which
>> > created it? So sys_hostname() can check utsname->uts_ns->creator,
>> > and net ioctl SIOCSIFNAME checks struct net->creator?
>>
>> That is the plan. Add a creator/usernamespace as part of the patches
>> to support creating a new namespace without the global CAP_SYS_ADMIN.
>
> Cool - are you working on that right now, or should I start it myself
> if I'm bored and restless tonight?

Go for it. I have some things to wrap up before I can do much with
this, despite the fact I want to.

Eric

_______________________________________________
Containers mailing list
contain...@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

_______________________________________________
Devel mailing list
Devel@openvz.org
https://openvz.org/mailman/listinfo/devel