From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
Date: Fri, 7 Sep 2007 17:27:40 -0500
From: "Eric Van Hensbergen"
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20070907200915.GA20929@nibiru.local> <3e1162e60709071426mf4a4ea2kfdb4500fe763b0a9@mail.gmail.com>
Topicbox-Message-UUID: bb3278d2-ead2-11e9-9d60-3106f5b1d025

There has been extensive discussion of multiple options here -- the
least of which is the paper I presented at OLS a few years back (Glen
or Glenda: http://citeseer.ist.psu.edu/vanhensbergen05glen.html).
There's an approachable list of safeguards. Of course, if it's your
desktop, you probably don't care to implement any of them...

        -eric

On 9/7/07, Latchesar Ionkov wrote:
> The simple solution would be to disable setuid/setgid flags for
> private namespaces of users other than root. And then (not so simple)
> fix programs that don't work :)
>
>         Lucho
>
>
> On 9/7/07, David Leimbach wrote:
> >
> >
> > On 9/7/07, Eric Van Hensbergen wrote:
> > > Linux actually has private namespaces, it's just off by default. There
> > > is a flag to clone which can be used to establish new processes in
> > > private namespaces (CLONENS or some such thing).
> > >
> > > Primary downside is that it's superuser only -- but you could get
> > > around it with setuid or custom kernel.
> > >
> > >         -eric
> > >
> > >
> >
> > Then you have to worry about what happens when people do things like binding
> > over /etc/passwd :-)
> >
> >
> >
> >
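Added example, written for this page and not code from anyone in the thread: a small Linux C program that enters a private mount namespace (the clone flag Eric is recalling is CLONE_NEWNS on current kernels, used here through unshare(2), which needs CAP_SYS_ADMIN) and then audits /proc/self/mountinfo for mounts that still honour setuid bits, i.e. the check behind Lucho's "disable setuid/setgid in non-root private namespaces" safeguard. It assumes the Linux mountinfo line format; the mountinfo lines in the test below are constructed.

```c
/* Added example (not from the thread): audit a private mount namespace
 * for mounts that still honour setuid bits. Assumes Linux mountinfo format. */
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* A /proc/self/mountinfo line, fields 5 and 6 being mount point and options:
 *   36 35 98:0 / /tmp rw,nosuid,relatime - tmpfs tmpfs rw
 * Returns 1 if setuid is still honoured on the mount, 0 if it is nosuid,
 * -1 if the line does not parse; mountpoint (optional) receives field 5. */
int mount_honours_suid(const char *line, char *mountpoint, size_t n)
{
    char mp[256], opts[256], *save, *tok;
    if (sscanf(line, "%*s %*s %*s %*s %255s %255s", mp, opts) != 2)
        return -1;
    if (mountpoint && n > 0)
        snprintf(mountpoint, n, "%s", mp);
    /* options are comma separated; match the whole token, not a substring */
    for (tok = strtok_r(opts, ",", &save); tok; tok = strtok_r(NULL, ",", &save))
        if (strcmp(tok, "nosuid") == 0)
            return 0;
    return 1;
}

/* Count the mounts in a mountinfo text that still honour setuid. */
int count_suid_mounts(const char *text)
{
    char buf[4096], *save, *line;
    int count = 0;
    snprintf(buf, sizeof buf, "%s", text);
    for (line = strtok_r(buf, "\n", &save); line; line = strtok_r(NULL, "\n", &save))
        if (mount_honours_suid(line, NULL, 0) == 1)
            count++;
    return count;
}

int main(void)
{
    char line[1024], mp[256];
    /* unshare(CLONE_NEWNS) is superuser only (CAP_SYS_ADMIN), as the thread notes */
    if (unshare(CLONE_NEWNS) != 0) { perror("unshare"); return 1; }
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) { perror("mountinfo"); return 1; }
    while (fgets(line, sizeof line, f))
        if (mount_honours_suid(line, mp, sizeof mp) == 1)
            printf("setuid honoured on %s\n", mp);
    fclose(f);
    return 0;
}
```

Run as root the program prints every mount in the fresh namespace on which a setuid binary would still gain privilege; an empty list is what Lucho's safeguard is aiming for.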