[BREAKAGE] Since 4.18, kernel sets SB_I_NODEV implicitly on userns mounts, breaking systemd-nspawn Hi, first off, allow me to express that this is my first time ever writing on such a mailing list, and that if something is unclear or you would need more information, just let me know. I write to this list hoping to see this change reverted. The Linux kernel always said it would avoid breaking us
This series introduces a new namespace for binfmt_misc. This allows defining a new interpreter for each new container. But the main goal is to be able to chroot to a directory using a binfmt_misc interpreter without being root. I have a modified version of unshare at: git@github.com:vivier/util-linux.git branch unshare-chroot with some new options to unshare binfmt_misc namespace and to chroot to
[REVIEW][PATCH 0/6] Wrapping up the vfs support for unprivileged mounts Very slowly the work has been progressing to ensure the vfs has the necessary support for mounting filesystems without privilege. This patchset contains one more core piece of that work, ensuring a few more operations that would write back an inode and confuse an existing filesystem are denied. The rest of the changes actuall
Linus, Please pull the latest x86-build-for-linus git tree from: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86-build-for-linus # HEAD: d6289f36aa7d5893d091a7a0c67eee7798719f03 x86/build: Don't pass in -D__KERNEL__ multiple times The biggest change is the forcing of asm-goto support on x86, which effectively increases the GCC minimum supported version to gcc-4.5 (on x86). There's al
From: Alban Crequy <alban@kinvolk.io> The act of a process creating or joining a namespace via clone(), unshare() or setns() is a useful signal for monitoring applications. I am working on a monitoring application that keeps track of all the containers and all processes inside each container. The current way of doing it is by polling regularly in /proc for the list of processes and in /proc/*/ns/*
This allows any subtree to be uid/gid shifted and bound elsewhere. It does this by operating similarly to overlayfs, except that since there's only a single underlying layer, all dentry lookups go through this. Its primary use is for shifting the underlying uids of filesystems used to support unprivileged (uid shifted) containers. The usual use case here is that the container is operating with an u
Second take at the Cgroup Namespace patch-set. Major changes from RFC (V0): 1. setns support for cgroupns 2. 'mount -t cgroup cgroup <mntpt>' from inside a cgroupns now mounts the cgroup hierarchy with cgroupns-root as the filesystem root. 3. writes to cgroup files outside of cgroupns-root are not allowed 4. visibility of /proc/<pid>/cgroup is further restricted by not showing anything if the <pid>