9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] 1/2 OT: per-process mounts/namespace @ Linux
@ 2007-09-07 20:09 Enrico Weigelt
  2007-09-07 20:15 ` Eric Van Hensbergen
  0 siblings, 1 reply; 8+ messages in thread
From: Enrico Weigelt @ 2007-09-07 20:09 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs


Hi folks,


I was just reading some older mails on this list and thinking
about how to mimic the Plan 9 behaviour of local namespaces on
Linux. My idea is:

* each namespace is just some directory, i.e. living somewhere
  under /.NAMESPACES/, maybe /.NAMESPACES/<pid>/
* these namespaces are maintained by either some daemon or
  a special synthetic filesystem
* processes with private namespaces are chroot()'ed to their
  own namespace directory.


What do you think about this?


cu
--
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
 	http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
	http://patches.metux.de/
---------------------------------------------------------------------



* Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
  2007-09-07 20:09 [9fans] 1/2 OT: per-process mounts/namespace @ Linux Enrico Weigelt
@ 2007-09-07 20:15 ` Eric Van Hensbergen
  2007-09-07 21:26   ` David Leimbach
  0 siblings, 1 reply; 8+ messages in thread
From: Eric Van Hensbergen @ 2007-09-07 20:15 UTC (permalink / raw)
  To: weigelt, Fans of the OS Plan 9 from Bell Labs

Linux actually has private namespaces, it's just off by default.  There
is a flag to clone which can be used to establish new processes in
private namespaces (CLONENS or some such thing).

Primary downside is that it's superuser only -- but you could get
around it with setuid or custom kernel.

             -eric


On 9/7/07, Enrico Weigelt <weigelt@metux.de> wrote:
>
> Hi folks,
>
>
> I was just reading some older mails on this list and thinking
> about how to mimic the Plan 9 behaviour of local namespaces on
> Linux. My idea is:
>
> * each namespace is just some directory, i.e. living somewhere
>   under /.NAMESPACES/, maybe /.NAMESPACES/<pid>/
> * these namespaces are maintained by either some daemon or
>   a special synthetic filesystem
> * processes with private namespaces are chroot()'ed to their
>   own namespace directory.
>
>
> What do you think about this?
>
>
> cu
> --
> ---------------------------------------------------------------------
>  Enrico Weigelt    ==   metux IT service - http://www.metux.de/
> ---------------------------------------------------------------------
>  Please visit the OpenSource QM Taskforce:
>         http://wiki.metux.de/public/OpenSource_QM_Taskforce
>  Patches / Fixes for a lot dozens of packages in dozens of versions:
>         http://patches.metux.de/
> ---------------------------------------------------------------------
>



* Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
  2007-09-07 20:15 ` Eric Van Hensbergen
@ 2007-09-07 21:26   ` David Leimbach
  2007-09-07 21:38     ` Charles Forsyth
                       ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: David Leimbach @ 2007-09-07 21:26 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs


On 9/7/07, Eric Van Hensbergen <ericvh@gmail.com> wrote:
>
> Linux actually has private namespaces, it's just off by default.  There
> is a flag to clone which can be used to establish new processes in
> private namespaces (CLONENS or some such thing).
>
> Primary downside is that it's superuser only -- but you could get
> around it with setuid or custom kernel.
>
>              -eric
>
>
Then you have to worry about what happens when people do things like binding
over /etc/passwd :-)



* Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
  2007-09-07 21:26   ` David Leimbach
@ 2007-09-07 21:38     ` Charles Forsyth
  2007-09-07 22:21     ` Latchesar Ionkov
  2007-09-07 22:45     ` ron minnich
  2 siblings, 0 replies; 8+ messages in thread
From: Charles Forsyth @ 2007-09-07 21:38 UTC (permalink / raw)
  To: 9fans

> Then you have to worry about what happens when people do things like binding
> over /etc/passwd :-)

no, you need to worry why that is still there.




* Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
  2007-09-07 21:26   ` David Leimbach
  2007-09-07 21:38     ` Charles Forsyth
@ 2007-09-07 22:21     ` Latchesar Ionkov
  2007-09-07 22:27       ` Eric Van Hensbergen
  2007-09-07 22:45       ` ron minnich
  2007-09-07 22:45     ` ron minnich
  2 siblings, 2 replies; 8+ messages in thread
From: Latchesar Ionkov @ 2007-09-07 22:21 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

The simple solution would be to disable setuid/setgid flags for
private namespaces of users other than root. And then (not so simple)
fix programs that don't work :)

   Lucho


On 9/7/07, David Leimbach <leimy2k@gmail.com> wrote:
>
>
> On 9/7/07, Eric Van Hensbergen <ericvh@gmail.com> wrote:
> > Linux actually has private namespaces, it's just off by default.  There
> > is a flag to clone which can be used to establish new processes in
> > private namespaces (CLONENS or some such thing).
> >
> > Primary downside is that it's superuser only -- but you could get
> > around it with setuid or custom kernel.
> >
> >              -eric
> >
> >
>
> Then you have to worry about what happens when people do things like binding
> over /etc/passwd :-)
>
>
>
>



* Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
  2007-09-07 22:21     ` Latchesar Ionkov
@ 2007-09-07 22:27       ` Eric Van Hensbergen
  2007-09-07 22:45       ` ron minnich
  1 sibling, 0 replies; 8+ messages in thread
From: Eric Van Hensbergen @ 2007-09-07 22:27 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

There has been extensive discussion of multiple options here -- the
least of which is the paper I presented at OLS a few years back (Glen
or Glenda: http://citeseer.ist.psu.edu/vanhensbergen05glen.html).
There's an approachable list of safeguards.  Of course, if it's your
desktop, you probably don't care to implement any of them...

    -eric


On 9/7/07, Latchesar Ionkov <lucho@gmx.net> wrote:
> The simple solution would be to disable setuid/setgid flags for
> private namespaces of users other than root. And then (not so simple)
> fix programs that don't work :)
>
>    Lucho
>
>
> On 9/7/07, David Leimbach <leimy2k@gmail.com> wrote:
> >
> >
> > On 9/7/07, Eric Van Hensbergen <ericvh@gmail.com> wrote:
> > > Linux actually has private namespaces, it's just off by default.  There
> > > is a flag to clone which can be used to establish new processes in
> > > private namespaces (CLONENS or some such thing).
> > >
> > > Primary downside is that it's superuser only -- but you could get
> > > around it with setuid or custom kernel.
> > >
> > >              -eric
> > >
> > >
> >
> > Then you have to worry about what happens when people do things like binding
> > over /etc/passwd :-)
> >
> >
> >
> >
>



* Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
  2007-09-07 21:26   ` David Leimbach
  2007-09-07 21:38     ` Charles Forsyth
  2007-09-07 22:21     ` Latchesar Ionkov
@ 2007-09-07 22:45     ` ron minnich
  2 siblings, 0 replies; 8+ messages in thread
From: ron minnich @ 2007-09-07 22:45 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

On 9/7/07, David Leimbach <leimy2k@gmail.com> wrote:

> Then you have to worry about what happens when people do things like binding
> over /etc/passwd :-)

See all my old stuff from 2.0.36

rules: you can only make a private name space in /private
and, by definition, no special inode bits -- which was a feature to
me, I was ambivalent on the .u extensions.

I think that made it impossible to fake out the usual stuff.

ron



* Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
  2007-09-07 22:21     ` Latchesar Ionkov
  2007-09-07 22:27       ` Eric Van Hensbergen
@ 2007-09-07 22:45       ` ron minnich
  1 sibling, 0 replies; 8+ messages in thread
From: ron minnich @ 2007-09-07 22:45 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

On 9/7/07, Latchesar Ionkov <lucho@gmx.net> wrote:
> The simple solution would be to disable setuid/setgid flags for
> private namespaces of users other than root. And then (not so simple)
> fix programs that don't work :)

There's the other usual nonsense, such as device inodes etc. It's not
just setuid. But it's all pretty easy to fix.

ron


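As an added example (not code from the thread or from any of its authors): a small audit that parses /proc/<pid>/mountinfo text and applies the rules the replies converge on, ron's "only under /private" rule (the prefix is an assumption here) and Lucho's and ron's point that mounts in a non-root private namespace must not honour setuid bits or device inodes, checked here as the nosuid and nodev per-mount options. Both mount tables are constructed; on a real system you would feed audit() the parent's and the private namespace's mountinfo.

```python
import re
from collections import namedtuple
PRIVATE_PREFIX = "/private"          # assumed, following ron's "/private" rule
REQUIRED_OPTS = ("nosuid", "nodev")  # Lucho's setuid point, ron's device-inode point

# dev = major:minor, root = path within that fs, point = mount point, opts = per-mount options
Mount = namedtuple("Mount", "dev root point opts")

def parse_mountinfo(text):
    """Parse /proc/<pid>/mountinfo text; blanks in paths arrive as \\ooo octal escapes."""
    unesc = lambda s: re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)
    mounts = []
    for line in filter(str.strip, text.splitlines()):
        pre, sep, _ = line.partition(" - ")  # optional fields end at a lone "-"
        f = pre.split()
        if not sep or len(f) < 6:
            raise ValueError("malformed mountinfo line: %r" % line)
        mounts.append(Mount(f[2], unesc(f[3]), unesc(f[4]), frozenset(f[5].split(","))))
    return mounts

def introduced(baseline, namespace):
    """Mounts in the private namespace that were not inherited from the parent.
    Mount IDs are renumbered when a namespace is copied, so compare by content."""
    seen = {m[:3] for m in baseline}
    return [m for m in namespace if m[:3] not in seen]

def audit(baseline, namespace):
    """Return (mount point, reason) for every rule a newly introduced mount breaks."""
    bad = []
    for m in introduced(baseline, namespace):
        if m.point != PRIVATE_PREFIX and not m.point.startswith(PRIVATE_PREFIX + "/"):
            bad.append((m.point, "outside " + PRIVATE_PREFIX))
        missing = [o for o in REQUIRED_OPTS if o not in m.opts]
        if missing:
            bad.append((m.point, "missing " + ",".join(missing)))
    return bad

# Constructed tables: the parent namespace, and a user's private copy that bound a
# home-directory file over /etc/passwd (David's case) and built a /private tree.
BASELINE = """\
22 1 0:20 / / rw,relatime - ext4 /dev/sda1 rw
23 22 0:5 / /dev rw,nosuid - devtmpfs devtmpfs rw,size=4096k
"""
NAMESPACE = """\
35 34 0:20 / / rw,relatime - ext4 /dev/sda1 rw
36 35 0:5 / /dev rw,nosuid - devtmpfs devtmpfs rw,size=4096k
40 35 0:20 /home/alice/passwd /etc/passwd rw,relatime - ext4 /dev/sda1 rw
41 35 0:30 / /private/alice rw,nosuid,nodev,relatime - tmpfs tmpfs rw
42 35 0:20 /home/alice/tools /private/alice/bin rw,relatime - ext4 /dev/sda1 rw
"""
```

The /etc/passwd bind is reported twice (outside the private tree, and without nosuid,nodev), /private/alice passes, and /private/alice/bin is flagged only for the missing options.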
