• E
    userns: Allow unprivileged users to create user namespaces. · 5eaf563e
    Eric W. Biederman 提交于
    Now that we have been through every permission check in the kernel
    having uid == 0 and gid == 0 in your local user namespace no
    longer adds any special privileges.  Even having a full set
    of caps in your local user namespace is safe because capabilies
    are relative to your local user namespace, and do not confer
    unexpected privileges.
    
    Over the long term this should allow much more of the kernels
    functionality to be safely used by non-root users.  Functionality
    like unsharing the mount namespace that is only unsafe because
    it can fool applications whose privileges are raised when they
    are executed.  Since those applications have no privileges in
    a user namespaces it becomes safe to spoof and confuse those
    applications all you want.
    
    Those capabilities will still need to be enabled carefully because
    we may still need things like rlimits on the number of unprivileged
    mounts but that is to avoid DOS attacks not to avoid fooling root
    owned processes.
    Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
    Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
    5eaf563e
fork.c 44.2 KB