On 06/26/2013 04:39 AM, Daniel P. Berrange wrote:
> On Thu, Jun 13, 2013 at 08:02:18PM +0200, Richard Weinberger wrote:
>> Within a user namespace root can remount these filesystems at any
>> time rw.
>> Create these mappings only if we're not playing with user namespaces.
>
> This is a problem with the way we're initializing mounts in the
> user namespace.

This problem exists even if libvirt lxc doesn't support user namespaces.

> We need to ensure that the initial mounts setup
> by libvirt can't be changed by admin inside the container. Preventing
> the container admin from remounting or unmounting these mounts is key
> to security.
>
> IIUC, the only way to ensure this is to start a new user namespace
> /after/ setting up all mounts.
>

Starting a new user namespace means the container will lose control of the
mount namespace, so the container can't do mount operations either, though
we can only mount a few filesystems in a non-init user namespace.

So maybe we should fix this problem via SELinux.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
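The ordering Daniel describes (set up the read-only mounts first, enter the user namespace afterwards) can be checked directly from a shell. The script below is an added example written for this page; it is not code from the thread, from libvirt or from util-linux. It assumes a Linux host with user namespaces enabled, a util-linux `unshare` that supports `--map-root-user`, and real root for the first function (creating a mount namespace in the initial user namespace needs CAP_SYS_ADMIN). The scratch directory, file contents and the function names `demo_mounts_before_userns` / `demo_mounts_inside_userns` are constructed for the example.

```shell
#!/bin/sh
# Added example: compare the two orderings of "set up mounts" and
# "create the container's user namespace" discussed in the thread.
# Each function prints "locked" if root inside the new user namespace is
# refused the rw remount, and "writable" if the remount succeeds.
set -eu

# Secure ordering (what Daniel proposes): the host side builds a mount
# namespace and a read-only bind mount while still in the initial user
# namespace, and only then does the container get its own user namespace.
# Mounts inherited across that boundary are locked by the kernel, so
# dropping "ro" fails with EPERM even for uid 0 inside the container.
demo_mounts_before_userns() {
    work=$(mktemp -d)                      # constructed scratch area
    mkdir -p "$work/src" "$work/mnt"
    echo host-data > "$work/src/file"
    SRC="$work/src" MNT="$work/mnt" unshare --mount sh -c '
        set -e
        mount --make-rprivate /            # keep the test mounts out of the host tree
        mount --bind "$SRC" "$MNT"
        mount -o remount,bind,ro "$MNT"    # the "initial mount set up by libvirt"
        # Container side: new user namespace (uid 0 mapped to the caller)
        # plus its own mount namespace, then the remount attempt.
        if unshare --user --map-root-user --mount \
               sh -c "mount -o remount,bind,rw \"\$MNT\" 2>/dev/null"; then
            echo writable
        else
            echo locked
        fi
        umount "$MNT"
    '
    rm -rf "$work"
}

# Insecure ordering (the situation Richard reports): the user namespace
# exists first, so the bind mount is created inside a mount namespace the
# container's own user namespace owns. Nothing is locked, and root inside
# the container can flip it back to rw whenever it likes.
demo_mounts_inside_userns() {
    work=$(mktemp -d)                      # constructed scratch area
    mkdir -p "$work/src" "$work/mnt"
    echo host-data > "$work/src/file"
    SRC="$work/src" MNT="$work/mnt" unshare --user --map-root-user --mount sh -c '
        set -e
        mount --bind "$SRC" "$MNT"
        mount -o remount,bind,ro "$MNT"
        if mount -o remount,bind,rw "$MNT" 2>/dev/null; then
            echo writable
        else
            echo locked
        fi
        umount "$MNT"
    '
    rm -rf "$work"
}

# Run both demonstrations when executed directly as root.
if [ "$(id -u)" = 0 ]; then
    echo "mounts set up before the user namespace: $(demo_mounts_before_userns)"
    echo "mounts set up inside the user namespace: $(demo_mounts_inside_userns)"
fi
```

On a kernel that honours mount locking the first line reads `locked` and the second `writable`, which is exactly the difference between the two orderings; the container still keeps a mount namespace of its own in the secure case, it just cannot alter the mounts it inherited.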