Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:103814 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 27933 invoked from network); 24 Jan 2019 01:27:28 -0000 Received: from unknown (HELO mail-wr1-f50.google.com) (209.85.221.50) by pb1.pair.com with SMTP; 24 Jan 2019 01:27:28 -0000 Received: by mail-wr1-f50.google.com with SMTP id s12so4292758wrt.4 for ; Wed, 23 Jan 2019 14:05:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=9nR8GXDUty0HQnFkzg2gIcfod+VKAF8OrrG0L7bnAU0=; b=bhee0hHbDpuHSygKrPcw1U9mAVjQNp3Vgw6+8WQhjuhOb2wRdhHr4h/XTq9zYf4x2K 2tnEOagjEXC5fZq5IamSvVZU2cvIUfjYgcj7L1KEx4uQ87yDTDxGbcZmhStiqDeHnUG1 Pe6n2NiOa6FjhVy6pHbCgnNHeydAnlvNjPrCGo33uzPP+XU+WVIQKRorGvn6n+YiRWpX 3KlU3METIaTeacgrIa0xtGByoW/qNSzL7JXkOFj9Dg8GwbEwBeuMuNmRXwVd6WrjSyh8 4kUhHAumqcUo1xz7rkkhB0J9mR5CPBQe+vPJjEGJ0XGLD8NAKTrCS0LU6jWXT5XPUeVx BjSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=9nR8GXDUty0HQnFkzg2gIcfod+VKAF8OrrG0L7bnAU0=; b=r0gobg3XJWN6Ng+LMxa7i1FwpwdEaV6sZuUQ9f8R6IDVE5yfP4TG6mddyhe2VRPTNN 1KC1IOKyIOtc7Ib7yT2aq2POYQtTNRwhCaujyStM/lEDTKP2kb653KYe4gcKQar5gyJO yTYFOd5g2MzLS+Z75cpORBsZgM7ClRMfrQcdThpetBVRGkBoYyuZ0Hgxz4MnLG4snQaI Ux/5qyBrH8IlLloqTiqfMADc1QHNG6sP5IVX8KnseX4ZCK2THrV9nBX9KW5K2eMrvPIy WkABN1yVQd2uwa1bU4tUYQaHcZmOcP0vcAkWJtZbf84LsVRY4OK40bd197T8ZWZHmw+K DlYQ== X-Gm-Message-State: AJcUukfL/pqNMPRgASEaciGxVKnavOeyqrU87s6oSNkmELH0ThE2DFut 3197c6ewVQ82B7GXQAKcsuDYA/VQ X-Google-Smtp-Source: ALg8bN4xPqa4yrqQYTK1nK8WDhCbNANVQzAUjFSUMRs1ByXlQa7SZtheAEBPZJkhYkRZ29636W6eUg== X-Received: by 2002:adf:fac6:: with SMTP id a6mr4733481wrs.53.1548281126199; Wed, 23 Jan 2019 14:05:26 -0800 (PST) Received: from [192.168.0.14] (cpc84253-brig22-2-0-cust114.3-3.cable.virginm.net. [81.108.141.115]) by smtp.googlemail.com with ESMTPSA id e16sm175876672wrn.72.2019.01.23.14.05.25 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Jan 2019 14:05:25 -0800 (PST) To: internals@lists.php.net References: Message-ID: <65339914-c10a-4922-3444-c731bd2e34d1@gmail.com> Date: Wed, 23 Jan 2019 22:05:25 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB Subject: Re: [PHP-DEV] Exposing the linux namespaces API via pcntl_* From: rowan.collins@gmail.com (Rowan Collins) On 23/01/2019 21:15, Pedro Magalhães wrote: > I think it can be useful for a language to expose this functionality to the > users for that kind of purpose (ie. run a security sensitive task in > isolation, simulate certain conditions like no network access, etc..). For > that end, I've put forward https://github.com/php/php-src/pull/3760 which > provides an implementation of `pcntl_unshare(int $flags): bool`. And I'm > looking for some feedback if anyone would oppose the introduction of this > function (and probably `setns` next). Could you give an example of how this would work in the context of a PHP process? Would it only make sense in a CLI context, when performing some kind of system task? I'm struggling to think how you'd use it in a task that would be suited to PHP, but that's probably just lack of imagination on my part. Regards, -- Rowan Collins [IMSoP]