Re: Running guix-daemon as an unprivileged user
From: Ludovic Courtès
Subject: Re: Running guix-daemon as an unprivileged user
Date: Sun, 23 Aug 2015 19:28:59 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

"Thompson, David" <address@hidden> writes:
> Yes, user namespaces can be created by unprivileged users. The user
> that created the namespace then has root in the context of the new
> namespace, which allows for creating all of the other types of
> namespaces. There have been some bumps along the way, such as a security
> bug with groups that prompted the addition of the
> /proc/<pid>/setgroups file in Linux 3.19 (I think) that has since been
> backported to earlier kernel releases, the oldest I know of being
> 3.13. But overall, this feature is very good and using it for Guix
> would allow for the unprivileged daemon to take advantage of almost
> all of the isolation techniques used by the privileged daemon.
That’d be a very nice thing to have.
Thanks,
Ludo’.
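
The sequence described in the quoted message, as an added example that is not part of the original thread or of Guix's code: an unprivileged process creates a user namespace, denies setgroups(2) through the setgroups file, and maps its own UID and GID to 0 inside the namespace. The helper names `write_file` and `enter_userns_as_root` are hypothetical, and the code assumes a Linux host that permits unprivileged user namespaces.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write text to a /proc file; returns 0 or -errno. */
static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -errno;
    int err = write(fd, text, strlen(text)) < 0 ? -errno : 0;
    close(fd);
    return err;
}

/* Hypothetical helper: become root inside a new user namespace; 0 or -errno. */
int enter_userns_as_root(void)
{
    long uid = (long)geteuid(), gid = (long)getegid(); /* read before unshare */
    char map[64];

    if (unshare(CLONE_NEWUSER) < 0)
        return -errno; /* e.g. EPERM where the host disables this */

    /* Kernels that have the setgroups file reject an unprivileged gid_map
       write until setgroups(2) is denied; kernels without it give ENOENT. */
    int err = write_file("/proc/self/setgroups", "deny");
    if (err < 0 && err != -ENOENT)
        return err;

    snprintf(map, sizeof map, "0 %ld 1", uid); /* inside-ID outside-ID count */
    if ((err = write_file("/proc/self/uid_map", map)) < 0)
        return err;
    snprintf(map, sizeof map, "0 %ld 1", gid);
    return write_file("/proc/self/gid_map", map);
}

int main(void)
{
    int err = enter_userns_as_root();
    if (err < 0) {
        fprintf(stderr, "user namespace unavailable: %s\n", strerror(-err));
        return 1;
    }
    printf("uid=%ld gid=%ld in new namespace\n", (long)getuid(), (long)getgid());
    return 0;
}
```

The root identity obtained this way exists only inside the namespace; access to files and other resources on the host is still checked against the original unprivileged UID and GID.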