Date: Sun, 28 May 2017 04:32:55 +0200
From: Steven McDonald
To: 7heo <7heo@mail.com>
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] uuns: Unprivileged user namespaces on hardened kernel
Message-ID: <20170528043255.6e7e68b3@tuvix.sjm.so>
References: <20170522140741.52076a6b@tuvix.sjm.so>

On Mon, 22 May 2017 13:19:59 +0000 7heo <7heo@mail.com> wrote:

> I like its simplicity and default behavior to start a shell.
>
> I am not very familiar with namespaces myself, but this looks like a
> good idea.
>
> I'll try it when I have time.

Thanks for the feedback.

After some more experimentation, I think this is actually not very
useful. The same thing can be accomplished by simply creating the
namespace as root and then mapping a different user to root inside the
namespace. The documentation had initially led me to believe otherwise.

I'll leave this up on GitHub in case somebody else has a use for it,
but I probably won't be doing anything else with it myself.