Jump to: navigation, search

User namespace

26 bytes added, 17:44, 29 July 2014
no edit summary
* access to /proc/pid/map_files which we use for restore of shared memory (CAP_SYS_ADMIN)
* using of SO_RCVBUFFORCE and SO_SNDBUFFORCE socket option (CAP_NET_ADMIN)
* open_by_handle_at and linkat(AT_EMPTY_PATH) requires CAP_DAC_READ_SEARCH
The list will be updated with time. To resolve the problems we need to address every issue and modify the kernel. For first bullet there is a patch already floating around in kernel mailing list.
[ Here is a draft of userspace code]

Navigation menu