Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

From: Alexander Larsson <alexl redhat com>
To: "Eric W. Biederman" <ebiederm xmission com>
Cc: gnome-os-list gnome org, Linux Containers <containers lists linux-foundation org>, "linux-kernel vger kernel org" <linux-kernel vger kernel org>, Andy Lutomirski <luto amacapital net>, James Bottomley <James Bottomley hansenpartnership com>, mclasen redhat com, Linux FS Devel <linux-fsdevel vger kernel org>
Subject: Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options
Date: Thu, 28 May 2015 22:06:17 +0200

On Thu, 2015-05-28 at 12:14 -0500, Eric W. Biederman wrote:

Where does the second namespace enter into this?


Step a.  Create create a user namespace where uid 0 is mapped to your
real uid, and set up your sandbox (aka mount /dev/pts and everything
else).

Step b.  Create a nested user namespace where your uid is identity
mapped and run your desktop application.  You can even drop all caps 
in
your namespace.


Just tried this. Its not the nicest, and it doubles the number of
namespaces in action for each sandbox, but it does work.

Follow-Ups:
- Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options
  - From: Kenton Varda

References:
- Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options
  - From: Andy Lutomirski
- Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options
  - From: Eric W. Biederman
- Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options
  - From: Alexander Larsson
- Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options
  - From: Eric W. Biederman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]