19655 – nscd: add support for Linux namespaces

Bug 19655 - nscd: add support for Linux namespaces

Summary: nscd: add support for Linux namespaces

Status:	NEW

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	nscd (show other bugs)
Version:	2.23

Importance:	P2 enhancement
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-02-18 06:10 UTC by Mike Frysinger
Modified:	2016-02-18 14:43 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike Frysinger 2016-02-18 06:10:50 UTC

for system hardening, nscd should automatically create new namespaces for itself when it starts up.  see the unshare(2) manpage for some more details.

the kernel allows for these to be turned off, so we need to test for each one at runtime.  we'll get back EINVAL when one isn't available.

Comment 1 Florian Weimer 2016-02-18 14:43:04 UTC

We need to consider that NSS service modules can do basically anything, so a high-quality implementation is difficult.  An initial implementation could be restricted to the files and dns modules.