Re: [RCF] [PATCH] unprivileged mount/umount

[Jamie Lokier]

Bodo Eggert wrote:
> > > > How about a new clone option "CLONE_NOSUID"?
> > > 
> > > IMO, the clone call ist the wrong place to create namespaces. It
> > > should be deprecated by a mkdir/chdir-like interface.
> > 
> > And the mkdir/chdir interface already exists, see "cd /proc/NNN/root".
> 
> If you want persistent namespaces, this will be a PITA (I don't want a 
> keep-the-namespace-open-daemon), and if you don't, it will be racy 
> (user a logs in, while his second/nth login expires).
> 
> Keeping a list of named namespaces in kernel can be made cheap and secure.

Still easy.

To keep persistent named namespaces in /var/namespaces, thus:

     # Just once please!
     mount -t tmpfs none /var/namespaces

     # Make a named namespace.
     NSNAME='fred'
     mkdir /var/namespaces/$NSNAME
     run_in_new_namespace mount -t bind / /var/namespaces/$NSNAME

     # Make a named namespace for the _original_ namespace.
     mkdir /var/namespaces/initial
     mount -t bind / /var/namespaces/initial

     # Access the namespace.
     ls /var/namespaces/fred

     # Enter the namespace.
     chroot /var/namespaces/fred

     # Delete a named namespace.
     NSNAME='fred'
     umount /var/namespaces/$NSNAME
     rmdir /var/namespaces/$NSNAME

Some of the above will fail due to security checks in fs/namespace.c,
where it tests against current->namespace.  Without those checks,
which seem to have no purpose _other_ than preventing the above usage,
I think the above would all work.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/