Re: [RFC] Null Namespaces

From: John Ericson <hidden>
Date: 2026-06-30 04:26:06
Also in: linux-arch, linux-fsdevel, lkml

On Mon, Jun 29, 2026, at 5:06 PM, Andy Lutomirski wrote:
> But if this happens, maybe we could finally land one of the patches to
> enable unprivileged chroot?  It's been tried a few times.
>
> If we had a way to make an OFD to a directory that forced
> RESOLVE_BENEATH (or RESOLVE_IN_ROOT) and that propagated that
> restriction to anything you open using it, and if an unprivileged
> process could chroot itself to nullfs, then we would be getting quite
> close to what Capsicum can do.

I just want to briefly say that I agree that these are both things worth
pursuing.

Once the root and working directories are sorted out (whether by nullfs
or by making those optional in `fs_struct`, see my other email), I am
fine putting my yet-unsubmitted patches for the null namespaces
themselves on hold and addressing these things instead. I can indeed see
it may be useful to wrap up such loose ends in VFS-land while we are
here, before switching gears to other namespaces and other subsystems.

John