On 09/10/2013 04:11 PM, Daniel P. Berrange wrote: > Using SELinux, or dropping certain capabilities will prevent that, so > this is still useful protection even if unconfined root can get around > it. In addition Eric Biederman has a change to allow the mount state > to be locked & prevent this approach. Ok, thanks for your information. I need to take a look at it. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list