<div>Hi Serge! Thanks for your help. </div>
<div> </div>
<div>(The link I was referring in original mail: <a href="http://lxc.sourceforge.net/index.php/about/kernel-namespaces/user/">http://lxc.sourceforge.net/index.php/about/kernel-namespaces/user/</a>). </div>
<div> </div>
<div>Regards,</div>
<div>Sanjay<br> <br> </div>
<div class="gmail_quote">On Thu, Apr 14, 2011 at 3:19 PM, Serge Hallyn <span dir="ltr"><<a href="mailto:serge.hallyn@canonical.com">serge.hallyn@canonical.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div class="im">Quoting sanjay (<a href="mailto:genacct412@gmail.com">genacct412@gmail.com</a>):<br>> Hi! I am new to the technology and thread. I have two basic questions, hope<br>> you can provide some guidance.<br>
><br>> 1. UID Privilege Isolation.<br>> ~~~~~~~~~~~~~~~~~<br>> If I understand it right, currently if a host-uid and guest-uid have the<br>> same numerical value, they essentially have the same file access privilege.<br>
> Posting from 01/14/11 indicated that a patchset related to 'user namespace'<br>> is in works to address this issue. Link in the LXC home/user indicated two<br>> possible approach are being considered. I was wondering if there has been<br>
> any conclusion in this front ?<br><br></div>I don't know what link you mean. There is a clear roadmap, there is<br>plenty of work to be done.<br>
<div class="im"><br>> 2. Guest modifying its own cgroup<br>> ~~~~~~~~~~~~~~~~~~~~~~~~<br>> It appears that from a guest one can mount the cgroup and modify its own<br>> constraints specified in the cgroup. Is there a way, I can prevent a guest<br>
> from doing so?<br><br></div>LSM<br><font color="#888888"><br>-serge<br></font></blockquote></div><br><br clear="all"><br>-- <br>
<div>Regards,</div>
<div>Sanjay</div><br>