Re: [atomic-devel] systemd as pid 1 in an unprivileged container.
- From: Alexander Larsson <alexl redhat com>
- To: Giuseppe Scrivano <gscrivan redhat com>, Tobias Florek <atomic ibotty net>
- Cc: Lukáš Nykrýn <lnykryn redhat com>, atomic-devel projectatomic io, Lennart Poettering <lennart poettering net>
- Subject: Re: [atomic-devel] systemd as pid 1 in an unprivileged container.
- Date: Thu, 13 Oct 2016 15:47:07 +0200
On Thu, 2016-10-13 at 15:26 +0200, Giuseppe Scrivano wrote:
> I have more patches to bubblewrap:
>
> https://github.com/projectatomic/bubblewrap/pull/101
>
> that are needed to run systemd in it. I think the overall design, and
> that some caps are left only when in a new user namespace is safe.
> Anyway, they require a very accurate review, as a bug there can open the
> door to really bad things.
I'm pretty scared of these, they need a very thorough review.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl redhat com alexander larsson gmail com
He's an impetuous arachnophobic dog-catcher with no name. She's a violent
motormouth magician's assistant looking for love in all the wrong places.
They fight crime!