[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] Introducing bubblewrap

From: Muayyad AlSadi <alsadi gmail com>
To: Daniel J Walsh <dwalsh redhat com>
Cc: atomic-devel <atomic-devel projectatomic io>
Subject: Re: [atomic-devel] Introducing bubblewrap
Date: Fri, 6 May 2016 22:46:14 +0300

long long ago we had this < https://fedoraproject.org/wiki/Features/RemoveSETUID

> There is probably a good case to be made that setuid is more security then a random service that can setup

I totally agree, but my humble (maybe ignorant and less informed) idea is something like pam_oddjob_mkhomedir

it's a process (protected by policy kit) which has a small humble job, which is to configure network (ex. add veth pair to some bridge and the given user container)

Follow-Ups:
- Re: [atomic-devel] Introducing bubblewrap
  - From: Daniel J Walsh

References:
- [atomic-devel] Introducing bubblewrap
  - From: Colin Walters
- Re: [atomic-devel] Introducing bubblewrap
  - From: Josh Berkus
- Re: [atomic-devel] Introducing bubblewrap
  - From: Daniel J Walsh
- Re: [atomic-devel] Introducing bubblewrap
  - From: Karanbir Singh
- Re: [atomic-devel] Introducing bubblewrap
  - From: Muayyad AlSadi
- Re: [atomic-devel] Introducing bubblewrap
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]