Re: [RFC] Null Namespaces
From: John Ericson <hidden>
Date: 2026-06-30 04:26:06
Also in:
linux-arch, linux-fsdevel, lkml
On Mon, Jun 29, 2026, at 5:06 PM, Andy Lutomirski wrote:
> But if this happens, maybe we could finally land one of the patches to enable unprivileged chroot? It's been tried a few times.
>
> If we had a way to make an OFD to a directory that forced RESOLVE_BENEATH (or RESOLVE_IN_ROOT) and that propagated that restriction to anything you open using it, and if an unprivileged process could chroot itself to nullfs, then we would be getting quite close to what Capsicum can do.
I just want to briefly say that I agree that these are both things worth pursuing. Once the root and working directories are sorted out (whether by nullfs or by making those optional in `fs_struct`, see my other email), I am fine putting my yet-unsubmitted patches for the null namespaces themselves on hold and addressing these things instead. I can indeed see it may be useful to wrap up such loose ends in VFS-land while we are here, before switching gears to other namespaces and other subsystems.

John