This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Testing on hosts with firewalls

From: Florian Weimer <fweimer at redhat dot com>
To: Andreas Schwab <schwab at linux-m68k dot org>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Fri, 30 Dec 2016 10:31:25 +0100
Subject: Re: Testing on hosts with firewalls
Authentication-results: sourceware.org; auth=none
References: <b5618713-58ee-4b64-4f6f-4722818af73a@redhat.com> <20161229180613.GD16617@vapier> <7f8dad7f-ecb3-675a-f45b-16887dbc4f4e@redhat.com> <20161229233516.GF16617@vapier> <87r34psr46.fsf@linux-m68k.org>

On 12/30/2016 10:28 AM, Andreas Schwab wrote:

On Dez 29 2016, Mike Frysinger <vapier@gentoo.org> wrote:

$ unshare -Urn


unshare: write failed /proc/self/gid_map: Operation not permitted

There would have to be fallback code for older/restricted kernels. Somedistributions disable user namespaces in various ways because they havebeen shown to expand the kernel attack surface significantly.

If this is a current upstream kernel with user namespaces enabled, Iwould be worried, though.


Florian

Follow-Ups:
- Re: Testing on hosts with firewalls
  - From: Andreas Schwab

References:
- Testing on hosts with firewalls
  - From: Florian Weimer
- Re: Testing on hosts with firewalls
  - From: Mike Frysinger
- Re: Testing on hosts with firewalls
  - From: Florian Weimer
- Re: Testing on hosts with firewalls
  - From: Mike Frysinger
- Re: Testing on hosts with firewalls
  - From: Andreas Schwab

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]