| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Apr 2007 10:26:29 -0400 From: Trond Myklebust <trond.myklebust@....uio.no> To: Miklos Szeredi <miklos@...redi.hu> Cc: ebiederm@...ssion.com, serue@...ibm.com, linuxram@...ibm.com, linux-fsdevel@...r.kernel.org, viro@....linux.org.uk, containers@...ts.osdl.org, akpm@...ux-foundation.org, linux-kernel@...r.kernel.org Subject: Re: [Devel] Re: [patch 05/10] add "permit user mounts in new namespace" clone flag On Wed, 2007-04-18 at 16:03 +0200, Miklos Szeredi wrote: > > Don't forget that almost all mount flags are per-superblock. How are you > > planning on dealing with the case that one user mounts a filesystem > > read-only, while another is trying to mount the same one read-write? > > Yeah, I forgot, the per-mount read-only patches are not yet in. > > That doesn't really change my agrument though. _If_ the flag is per > mount, then it makes sense to be able to change it on a master and not > on a slave. If mount flags are propagated, this is not possible. Read-only isn't the only issue. On something like NFS, there are flags to set the security flavour, turn on/off encryption etc. If I mount your home directory using no encryption in my namespace, for instance, then neither you nor the administrator will be able to turn it on afterwards in yours without first unmounting it from mine so that the superblock is destroyed. Cheers Trond - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists