Re: [PATCH 2/8] user_ns: Introduce user_nsmap_uid and user_ns_map_gid.

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public•gmane.org>
To: "Eric W. Biederman"
	<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public•gmane.org>,
	David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public•gmane.org>
Cc: Linux Containers
	<containers-qjLDD68F18O7TbgM5vRIOg@public•gmane.org>,
	Serge Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public•gmane.org>,
	netdev-u79uwXL29TY76Z2rM5mHXA@public•gmane.org
Subject: Re: [PATCH 2/8] user_ns: Introduce user_nsmap_uid and user_ns_map_gid.
Date: Tue, 15 Jun 2010 12:02:17 +0400	[thread overview]
Message-ID: <4C173389.1010000@openvz.org> (raw)
In-Reply-To: <m17hm3hxjw.fsf_-_-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>

On 06/13/2010 05:28 PM, Eric W. Biederman wrote:
> 
> Define what happens when a we view a uid from one user_namespace
> in another user_namepece.
> 
> - If the user namespaces are the same no mapping is necessary.
> 
> - For most cases of difference use overflowuid and overflowgid,
>   the uid and gid currently used for 16bit apis when we have a 32bit uid
>   that does fit in 16bits.  Effectively the situation is the same,
>   we want to return a uid or gid that is not assigned to any user.
> 
> - For the case when we happen to be mapping the uid or gid of the
>   creator of the target user namespace use uid 0 and gid as confusing
>   that user with root is not a problem.
> 
> Signed-off-by: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public•gmane.org>

I suppose this one should go via Andrew, not Dave.

Anyway, Acked-by: Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public•gmane.org>

next prev parent reply	other threads:[~2010-06-15  8:02 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-06-13 13:25 [PATCH 0/8] Support unix domain sockets across namespaces Eric W. Biederman
2010-06-13 13:27 ` [PATCH 1/8] scm: Reorder scm_cookie Eric W. Biederman
2010-06-13 13:28   ` [PATCH 2/8] user_ns: Introduce user_nsmap_uid and user_ns_map_gid Eric W. Biederman
     [not found]     ` <m17hm3hxjw.fsf_-_-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-15  8:02       ` Pavel Emelyanov [this message]
2010-06-15 22:37         ` Eric W. Biederman
2010-06-15 20:58     ` Serge E. Hallyn
2010-06-15  8:00   ` [PATCH 1/8] scm: Reorder scm_cookie Pavel Emelyanov
2010-06-13 13:28 ` [PATCH 3/8] sock: Introduce cred_to_ucred Eric W. Biederman
2010-06-15  8:03   ` Pavel Emelyanov
2010-06-13 13:30 ` [PATCH 4/8] af_unix: Allow SO_PEERCRED to work across namespaces Eric W. Biederman
2010-06-14 13:37   ` Daniel Lezcano
2010-06-15  8:04   ` Pavel Emelyanov
2010-06-13 13:31 ` [PATCH 5/8] af_netlink: Add needed scm_destroy after scm_send Eric W. Biederman
2010-06-14 13:37   ` Daniel Lezcano
2010-06-15  8:06   ` Pavel Emelyanov
2010-06-13 13:32 ` [PATCH 6/8] scm: Capture the full credentials of the scm sender Eric W. Biederman
2010-06-15  8:08   ` Pavel Emelyanov
2010-06-15  9:53     ` Eric W. Biederman
2010-06-15 21:45   ` Serge E. Hallyn
2010-06-15 22:08     ` Eric W. Biederman
2010-06-16  4:47       ` Serge E. Hallyn
2010-06-13 13:34 ` [PATCH 7/8] af_unix: Allow credentials to work across user and pid namespaces Eric W. Biederman
     [not found]   ` <m17hm3giom.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-15  8:11     ` Pavel Emelyanov
2010-06-13 13:35 ` [PATCH 8/8] af_unix: Allow connecting to sockets in other network namespaces Eric W. Biederman
2010-06-14 13:37   ` Daniel Lezcano
     [not found]   ` <m11vcbgimj.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-15  8:12     ` Pavel Emelyanov
2010-06-16 22:15 ` [PATCH 0/8] Support unix domain sockets across namespaces David Miller
2010-06-16 23:17   ` David Miller
2010-06-16 23:32     ` Eric W. Biederman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4C173389.1010000@openvz.org \
    --to=xemul-gefaqzzx7r8dnm+yrofe0a@public$(echo .)gmane.org \
    --cc=containers-qjLDD68F18O7TbgM5vRIOg@public$(echo .)gmane.org \
    --cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public$(echo .)gmane.org \
    --cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public$(echo .)gmane.org \
    --cc=netdev-u79uwXL29TY76Z2rM5mHXA@public$(echo .)gmane.org \
    --cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public$(echo .)gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox