[Devel] Re: [PATCH 2/2] Kconfig : default all the namespaces to 'yes'
Quoting Andrew Morton (a...@linux-foundation.org): > On Wed, 13 Oct 2010 09:44:30 -0500 > "Serge E. Hallyn" wrote: > > > Quoting Daniel Lezcano (daniel.lezc...@free.fr): > > > On 10/12/2010 07:16 PM, Serge E. Hallyn wrote: > > > >Quoting Matt Helsley (matth...@us.ibm.com): > > > >>On Thu, Oct 07, 2010 at 03:15:33PM +0200, Daniel Lezcano wrote: > > > >>>As the different namespaces depend on 'CONFIG_NAMESPACES', it is > > > >>>logical to enable all the namespaces when we enable NAMESPACES. > > > >>> > > > >>>Signed-off-by: Daniel Lezcano > > > >>Subject of the patch email is a little confusing as it's not > > > >>quite what happens. I'm mostly OK with it but I'm not sure we > > > >>should enable user-ns by default just yet. > > > >> > > > >>Acked-By: Matt Helsley > > > >In fact, perhaps we should keep the experimental tag on user namespaces. > > > > > > The experimental tag is kept on the user namespace. This one is > > > defaulting to yes when the namespaces and experimental are selected. > > > > Oh, sounds good > > > > My attention flagged. Can we please confirm that the current patch is > still good? Yup, the patch below only sets USER_NS=y when EXPERIMENTAL=y, which I'd failed to notice the first time. Acked-by: Serge Hallyn > From: Daniel Lezcano > > As the different namespaces depend on 'CONFIG_NAMESPACES', it is logical > to enable all the namespaces when we enable NAMESPACES. > > Signed-off-by: Daniel Lezcano > Cc: "Eric W. Biederman" > Cc: David Miller > Acked-By: Matt Helsley > Signed-off-by: Andrew Morton > --- > > init/Kconfig |7 +-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff -puN > init/Kconfig~namespaces-default-all-the-namespaces-to-yes-when-config_namespaces-is-selected > init/Kconfig > --- > a/init/Kconfig~namespaces-default-all-the-namespaces-to-yes-when-config_namespaces-is-selected > +++ a/init/Kconfig > @@ -739,6 +739,7 @@ config NAMESPACES > config UTS_NS > bool "UTS namespace" > depends on NAMESPACES > + default y > help > In this namespace tasks see different info provided with the > uname() system call > @@ -746,6 +747,7 @@ config UTS_NS > config IPC_NS > bool "IPC namespace" > depends on NAMESPACES && (SYSVIPC || POSIX_MQUEUE) > + default y > help > In this namespace tasks work with IPC ids which correspond to > different IPC objects in different namespaces. > @@ -753,6 +755,7 @@ config IPC_NS > config USER_NS > bool "User namespace (EXPERIMENTAL)" > depends on NAMESPACES && EXPERIMENTAL > + default y > help > This allows containers, i.e. vservers, to use user namespaces > to provide different user info for different servers. > @@ -760,8 +763,8 @@ config USER_NS > > config PID_NS > bool "PID Namespaces" > - default n > depends on NAMESPACES > + default y > help > Support process id namespaces. This allows having multiple > processes with the same pid as long as they are in different > @@ -769,8 +772,8 @@ config PID_NS > > config NET_NS > bool "Network namespace" > - default n > depends on NAMESPACES && NET > + default y > help > Allow user space to create what appear to be multiple instances > of the network stack. > _ ___ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers ___ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
[Devel] Re: [PATCH 2/2] Kconfig : default all the namespaces to 'yes'
On Wed, 13 Oct 2010 09:44:30 -0500 "Serge E. Hallyn" wrote: > Quoting Daniel Lezcano (daniel.lezc...@free.fr): > > On 10/12/2010 07:16 PM, Serge E. Hallyn wrote: > > >Quoting Matt Helsley (matth...@us.ibm.com): > > >>On Thu, Oct 07, 2010 at 03:15:33PM +0200, Daniel Lezcano wrote: > > >>>As the different namespaces depend on 'CONFIG_NAMESPACES', it is > > >>>logical to enable all the namespaces when we enable NAMESPACES. > > >>> > > >>>Signed-off-by: Daniel Lezcano > > >>Subject of the patch email is a little confusing as it's not > > >>quite what happens. I'm mostly OK with it but I'm not sure we > > >>should enable user-ns by default just yet. > > >> > > >>Acked-By: Matt Helsley > > >In fact, perhaps we should keep the experimental tag on user namespaces. > > > > The experimental tag is kept on the user namespace. This one is > > defaulting to yes when the namespaces and experimental are selected. > > Oh, sounds good > My attention flagged. Can we please confirm that the current patch is still good? From: Daniel Lezcano As the different namespaces depend on 'CONFIG_NAMESPACES', it is logical to enable all the namespaces when we enable NAMESPACES. Signed-off-by: Daniel Lezcano Cc: "Eric W. Biederman" Cc: David Miller Acked-By: Matt Helsley Signed-off-by: Andrew Morton --- init/Kconfig |7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff -puN init/Kconfig~namespaces-default-all-the-namespaces-to-yes-when-config_namespaces-is-selected init/Kconfig --- a/init/Kconfig~namespaces-default-all-the-namespaces-to-yes-when-config_namespaces-is-selected +++ a/init/Kconfig @@ -739,6 +739,7 @@ config NAMESPACES config UTS_NS bool "UTS namespace" depends on NAMESPACES + default y help In this namespace tasks see different info provided with the uname() system call @@ -746,6 +747,7 @@ config UTS_NS config IPC_NS bool "IPC namespace" depends on NAMESPACES && (SYSVIPC || POSIX_MQUEUE) + default y help In this namespace tasks work with IPC ids which correspond to different IPC objects in different namespaces. @@ -753,6 +755,7 @@ config IPC_NS config USER_NS bool "User namespace (EXPERIMENTAL)" depends on NAMESPACES && EXPERIMENTAL + default y help This allows containers, i.e. vservers, to use user namespaces to provide different user info for different servers. @@ -760,8 +763,8 @@ config USER_NS config PID_NS bool "PID Namespaces" - default n depends on NAMESPACES + default y help Support process id namespaces. This allows having multiple processes with the same pid as long as they are in different @@ -769,8 +772,8 @@ config PID_NS config NET_NS bool "Network namespace" - default n depends on NAMESPACES && NET + default y help Allow user space to create what appear to be multiple instances of the network stack. _ ___ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers ___ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
[Devel] Re: [PATCH 2/2] Kconfig : default all the namespaces to 'yes'
Quoting Daniel Lezcano (daniel.lezc...@free.fr): > On 10/12/2010 07:16 PM, Serge E. Hallyn wrote: > >Quoting Matt Helsley (matth...@us.ibm.com): > >>On Thu, Oct 07, 2010 at 03:15:33PM +0200, Daniel Lezcano wrote: > >>>As the different namespaces depend on 'CONFIG_NAMESPACES', it is > >>>logical to enable all the namespaces when we enable NAMESPACES. > >>> > >>>Signed-off-by: Daniel Lezcano > >>Subject of the patch email is a little confusing as it's not > >>quite what happens. I'm mostly OK with it but I'm not sure we > >>should enable user-ns by default just yet. > >> > >>Acked-By: Matt Helsley > >In fact, perhaps we should keep the experimental tag on user namespaces. > > The experimental tag is kept on the user namespace. This one is > defaulting to yes when the namespaces and experimental are selected. Oh, sounds good -serge ___ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers ___ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
[Devel] Re: [PATCH 2/2] Kconfig : default all the namespaces to 'yes'
On 10/12/2010 07:16 PM, Serge E. Hallyn wrote: > Quoting Matt Helsley (matth...@us.ibm.com): > >> On Thu, Oct 07, 2010 at 03:15:33PM +0200, Daniel Lezcano wrote: >> >>> As the different namespaces depend on 'CONFIG_NAMESPACES', it is >>> logical to enable all the namespaces when we enable NAMESPACES. >>> >>> Signed-off-by: Daniel Lezcano >>> >> Subject of the patch email is a little confusing as it's not >> quite what happens. I'm mostly OK with it but I'm not sure we >> should enable user-ns by default just yet. >> >> Acked-By: Matt Helsley >> > In fact, perhaps we should keep the experimental tag on user namespaces. > The experimental tag is kept on the user namespace. This one is defaulting to yes when the namespaces and experimental are selected. ___ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers ___ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
[Devel] Re: [PATCH 2/2] Kconfig : default all the namespaces to 'yes'
Quoting Matt Helsley (matth...@us.ibm.com): > On Thu, Oct 07, 2010 at 03:15:33PM +0200, Daniel Lezcano wrote: > > As the different namespaces depend on 'CONFIG_NAMESPACES', it is > > logical to enable all the namespaces when we enable NAMESPACES. > > > > Signed-off-by: Daniel Lezcano > > Subject of the patch email is a little confusing as it's not > quite what happens. I'm mostly OK with it but I'm not sure we > should enable user-ns by default just yet. > > Acked-By: Matt Helsley In fact, perhaps we should keep the experimental tag on user namespaces. If/when I/someone returns to heavy hacking on user namespaces, the changes will be very invasive. (Of course then we get back to questions of the usefulness of experimental tag) In particular, when we start refusing access for certain accesses between user namespaces, it might confuse userspace. Definately Ack to the other two. -serge ___ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers ___ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
[Devel] Re: [PATCH 2/2] Kconfig : default all the namespaces to 'yes'
On Thu, Oct 07, 2010 at 03:15:33PM +0200, Daniel Lezcano wrote: > As the different namespaces depend on 'CONFIG_NAMESPACES', it is > logical to enable all the namespaces when we enable NAMESPACES. > > Signed-off-by: Daniel Lezcano Subject of the patch email is a little confusing as it's not quite what happens. I'm mostly OK with it but I'm not sure we should enable user-ns by default just yet. Acked-By: Matt Helsley > --- > init/Kconfig |7 +-- > 1 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/init/Kconfig b/init/Kconfig > index a52124e..a7fe61e 100644 > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -739,6 +739,7 @@ config NAMESPACES > config UTS_NS > bool "UTS namespace" > depends on NAMESPACES > + default y > help > In this namespace tasks see different info provided with the > uname() system call > @@ -746,6 +747,7 @@ config UTS_NS > config IPC_NS > bool "IPC namespace" > depends on NAMESPACES && (SYSVIPC || POSIX_MQUEUE) > + default y > help > In this namespace tasks work with IPC ids which correspond to > different IPC objects in different namespaces. > @@ -753,6 +755,7 @@ config IPC_NS > config USER_NS > bool "User namespace (EXPERIMENTAL)" > depends on NAMESPACES && EXPERIMENTAL > + default y > help > This allows containers, i.e. vservers, to use user namespaces > to provide different user info for different servers. > @@ -760,8 +763,8 @@ config USER_NS > > config PID_NS > bool "PID Namespaces" > - default n > depends on NAMESPACES > + default y > help > Support process id namespaces. This allows having multiple > processes with the same pid as long as they are in different > @@ -769,8 +772,8 @@ config PID_NS > > config NET_NS > bool "Network namespace" > - default n > depends on NAMESPACES && NET > + default y > help > Allow user space to create what appear to be multiple instances > of the network stack. > -- > 1.7.0.4 > > ___ > Containers mailing list > contain...@lists.linux-foundation.org > https://lists.linux-foundation.org/mailman/listinfo/containers ___ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers ___ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
