Re: [RFC 0/4] per-namespace allowed filesystems list

On Tue, Jan 24, 2012 at 01:04:57AM +0200, Kirill A. Shutemov wrote:
> On Mon, Jan 23, 2012 at 09:12:19PM +0000, Al Viro wrote:
> > This is bloody ridiculous; if you want to prevent a luser admin playing with
> > the set of mounts you've given it, the right way to go is not to mess with the
> > "which fs types are allowed" but to add a per-namespace "immutable" flag.
> > And add a new clone(2)/unshare(2) flag, used only along with the CLONE_NEWNS
> > and setting the "immutable" on the copied namespace.
> 
> How will it work if we want to allow a namespaced environment to mount block
> devices, but not, let's say, debugfs?
> 
> Differentiation between filesystem type and source is one of the broken things
> in the Unix API.

Translation, please?

> I don't see an easy way to fix it. Only plan9. :)

Huh?  Plan 9 does *not* contain anything of that kind.  And their '#<letter>'
convention for in-kernel filesystems is one of the uglier things about their
API, IMO...