@pid_eins suid programs executing in the environment of the parent process means that I might become root in a user namespace and get the filesystem view of the current mount ns. This won't work with your approach, will it?
@pid_eins the point is that sometimes you need that context. If I'm in a toolbox sudo has to allow me to get things done in the context of the toolbox and not of the system root. In principle I agree with you about suid, I just don't see how you can get rid of it with containers.
@swick yes, and that's a *feature* not a bug. If you acquire privs you want the guarantee that no one fucks around with your mounts and overmounts/replaces stuff that they shouldn't be able to.
That's *precisely* what I mean by clean context: if you use run0 you get a guaranteed clean execution context, with all such inherited namespace or whatnot shenanigans gone for good.