On Thu, Jun 13, 2013 at 08:02:18PM +0200, Richard Weinberger wrote: > Within a user namespace root can remount these filesysems at any > time rw. > Create these mappings only if we're not playing with user namespaces. This is a problem with the way we're initializing mounts in the user namespace. We need to ensure that the initial mounts setup by libvirt can't be changed by admin inside the container. Preventing the container admin from remounting or unmounting these mounts is key to security. IIUC, the only way to ensure this is to start a new user namespace /after/ setting up all mounts. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list