[PATCH 0/3] Introduce user namespace capabilities
Jarkko Sakkinen
jarkko at kernel.org
Tue May 21 14:12:16 UTC 2024
On Tue May 21, 2024 at 4:57 PM EEST, John Johansen wrote:
> > One tip: I think this is wrong forum to present namespace ideas in the
> > first place. It would be probably better to talk about this with e.g.
> > systemd or podman developers, and similar groups. There's zero evidence
> > of the usefulness. Then when you go that route and come back with actual
> > users, things click much more easily. Now this is all in the void.
> >
> > BR, Jarkko
>
> Jarkko,
>
> this is very much the right forum. User namespaces exist today. This
> is a discussion around trying to reduce the exposed kernel surface
> that is being used to attack the kernel.
Agreed, that was harsh way to put it. What I mean is that if this
feature was included, would it be enabled by distributions?
This user base part or potential user space part is not very well
described in the cover letter. I.e. "motivation" to put it short.
I mean the technical details are really in detail in this patch set but
it would help to digest them if there was some even rough description
how this would be deployed.
If the motivation should be obvious, then it is beyond me, and thus
would be nice if that obvious thing was stated that everyone else gets.
E.g. I like to sometimes just test quite alien patch sets for the sake
of learning and fun (or not so fun, depends) but this patch set does not
deliver enough information to do anything at all.
Hope this clears a bit where I stand. IMHO a good patch set should bring
the details to the specialists on the topic but also have some wider
audience motivational stuff in order to make clear where it fits in this
world :-)
BR, Jarkko
More information about the Linux-security-module-archive
mailing list