Re: patchset to enable user namespaces

To: Ben Hutchings <ben@decadent.org.uk>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>, Andy Whitcroft <apw@canonical.com>, kernel-team@lists.ubuntu.com, Debian kernel maintainers <debian-kernel@lists.debian.org>
Subject: Re: patchset to enable user namespaces
From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Tue, 1 Oct 2013 00:03:49 -0500
Message-id: <[🔎] 20131001050349.GA18119@tp>
In-reply-to: <20130930181808.GO7729@decadent.org.uk>
References: <20130923220826.GA5332@sergelap> <20130924091038.GH13914@dm> <1380510854.14493.42.camel@deadeye.wl.decadent.org.uk> <87bo3afdud.fsf@xmission.com> <20130930181808.GO7729@decadent.org.uk>

Quoting Ben Hutchings (ben@decadent.org.uk):
> On Mon, Sep 30, 2013 at 09:56:10AM -0700, Eric W. Biederman wrote:
> > Ben Hutchings <ben@decadent.org.uk> writes:
> > 
> > > On Tue, 2013-09-24 at 10:10 +0100, Andy Whitcroft wrote:
> > >> On Mon, Sep 23, 2013 at 05:08:26PM -0500, Serge Hallyn wrote:
> > >> > Hi,
> > >> > 
> > >> > The final patches needed to resolve conflicts between XFS and user
> > >> > namespaces are in 3.12.  I've backported them to saucy at
> > >> > 
> > >> > 	http://kernel.ubuntu.com/git?p=serge/ubuntu-saucy.git;a=summary # m.sep23.xfs2
> > >> > 
> > >> > This has 7 patches cherrypicked from Linus' tree, one patch by
> > >> > myself to add a sysctl, default off, to enable unprivileged use
> > >> > of CLONE_NEWUSER, and a packaging patch to set CONFIG_USER_NS=y.
> > >> 
> > >> These are pretty big patches to be bringing so late to the party.  I am
> > >> particularly concerned that you have missed the beta deadline so we will
> > >> be shovelling this into the kernel after the majority of the testing has
> > >> been completed.
> > >> 
> > >> I assume we need these XFS patches because you cannot enable USER_NS at
> > >> all without disabling XFS en-toto, an obvious no-no.  What feature does
> > >> this new code enable which would be lost if we don't have them.
> > >> 
> > >> On the unpriveleged setup, I presume we are saying upstream will allow
> > >> it by default, it is just us who are adding this possible cut off if
> > >> there are issues?
> > > [...]
> > >
> > > I was planning to include the same sort of knob when USER_NS is enabled
> > > in Debian.  I can probably just copy your patch now.
> > 
> > Grumble.  Just kill the binary sysctl bits from that patch.
> >
> > I sent an email mentioning that the sysctl change didn't need to
> > allocate any binary numbers but I think it may have been eaten by a
> > grue.
> 
> No, I've seen your email and I'm assuming the actual committed version
> won't have a binary sysctl.

Sorry I never fixed that.  I've actually removed the sysctl from my
latest ppa kernel, as it is not something we want long-term.  Though if
the rm/DOS issue is not addressed in the next few weeks (when I next try
to push it into our s+1 tree) I'll have to re-introduce it.

-serge

Reply to:

Prev by Date: Bug#725065: WARNING: at /build/linux-BPzSEt/linux-3.10.11/block/blk-core.c:493 blk_queue_bypass_end+0x43/0x57()
Next by Date: Bug#725075: linux-tools-3.10: perf record -g option doesn't support "dwarf" method
Previous by thread: Bug#725065: WARNING: at /build/linux-BPzSEt/linux-3.10.11/block/blk-core.c:493 blk_queue_bypass_end+0x43/0x57()
Next by thread: Bug#725075: linux-tools-3.10: perf record -g option doesn't support "dwarf" method
Index(es):
- Date
- Thread