Date: Thu, 18 Nov 2021 15:41:13 +0300
From: Arseny Maslennikov <arseny@altlinux.org>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Message-ID: <YZZJ6f/dq00RFgAI@cello>
References: <20211118143605.742f6370@tower>
 <20211118114356.GA27587@altlinux.org>
 <20211118150641.5faa75bd@sem-notebook.localdomain>
 <20211118121218.GD27587@altlinux.org>
 <60757ca3-47b1-4f4e-c51b-224f30f38cb4@basealt.ru>
 <20211118121825.GE27587@altlinux.org>
 <3ac8fdb5-8839-a17a-4015-03552a70642d@basealt.ru>
 <YZZH0y1rkSuqAoKz@portlab>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="HS00sqWD6ZL0v9qx"
Content-Disposition: inline
In-Reply-To: <YZZH0y1rkSuqAoKz@portlab>
OpenPGP: url=http://grep.cs.msu.ru/~ar/pgp-key.asc
Subject: Re: [devel] kernel.userns_restrict
Archived-At: <http://lore.altlinux.org/devel/YZZJ6f%2Fdq00RFgAI@cello/>


--HS00sqWD6ZL0v9qx
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 18, 2021 at 12:32:19PM +0000, Vladimir D. Seleznev wrote:
> On Thu, Nov 18, 2021 at 03:21:39PM +0300, Anton Farygin wrote:
> > And what is so bad about userns, and what are we fighting for, could
> > someone explain?

(Let me say up front: I am not for any particular point of view, but for
the objective current state of affairs, a substantive discussion, and
truth being born in argument.)

> Because it is a kind of anti-hardening? Userns grants the full set of
> capabilities to an unprivileged user. It is claimed that the kernel has
> checks for a non-root userns in the places that need them, but practice
> has repeatedly shown that, on the one hand, the number of such places
> keeps growing, and on the other hand, other places that require
> privileges often contain other security flaws that would be impossible
> to exploit without userns, because exploiting them required explicit
> privileges.

% MANWIDTH=56 man user_namespaces | head -n 30 | tail -n -20
       User  namespaces isolate security-related iden‐
       tifiers and attributes, in particular, user IDs
       and  group  IDs  (see credentials(7)), the root
       directory, keys (see keyrings(7)), and capabil‐
       ities  (see capabilities(7)).  A process's user
       and group IDs can be different inside and  out‐

So they are lying in the first quoted sentence, then?

--HS00sqWD6ZL0v9qx--
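
The capability set a process holds outside and inside a new user namespace, which both the quoted reply and the man page excerpt refer to, can be inspected on a given host. The script below is an added example, not part of the original message: it assumes util-linux unshare(1) and awk are installed, and it prints the values of kernel.userns_restrict (named in the subject) and the upstream user.max_user_namespaces without interpreting them.

```shell
#!/bin/sh
# Added example: compare effective capabilities outside and inside a new
# user namespace, and show the sysctls that gate its creation.

# Print the CapEff hex mask from /proc/<pid>/status text on stdin.
capeff_of() { awk '$1 == "CapEff:" { print $2 }'; }

# Count the capabilities set in a CapEff hex mask (capability bits sit
# far below bit 63, so the signed shift terminates).
cap_count() {
    mask=$((0x$1)); n=0
    while [ "$mask" -ne 0 ]; do
        n=$((n + (mask & 1))); mask=$((mask >> 1))
    done
    echo "$n"
}

# CapEff of a process mapped to root in a fresh user namespace; prints
# nothing if creation is refused or unshare(1) is missing.
capeff_in_new_userns() {
    unshare --user --map-root-user cat /proc/self/status 2>/dev/null | capeff_of
}

report() {
    for knob in kernel/userns_restrict user/max_user_namespaces; do
        if [ -r "/proc/sys/$knob" ]; then
            echo "sysctl $knob = $(cat "/proc/sys/$knob")"
        else
            echo "sysctl $knob: not present on this kernel"
        fi
    done
    outside=$(capeff_of < /proc/self/status) || true
    outside=${outside:-0}
    inside=$(capeff_in_new_userns) || true
    echo "outside: CapEff=$outside ($(cap_count "$outside") capabilities)"
    if [ -n "$inside" ]; then
        echo "inside:  CapEff=$inside ($(cap_count "$inside") capabilities)"
    else
        echo "inside:  no user namespace (refused, or unshare(1) missing)"
    fi
}

report
```

Per user_namespaces(7), the capabilities reported inside apply to resources governed by that namespace; the sysctl lines show whether this host lets an unprivileged user reach that state at all.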