walters@xxxxxxxxxx (Colin Walters) writes:

> There's actually been some work going on on giving each user their
> own /tmp namespace via the kernel's CLONE_NEWNS capability and a PAM
> module, AIUI. To the system administrator this could appear as
> /tmp/<username>. I think the problem is in getting later mounts to
> actually appear in the cloned namespace.

CLONE_NEWNS and the (related) 'mount --bind' operations are not very well supported by the kernel:

* there does not exist a way to enter an already existing namespace; so, e.g., two different ssh sessions would have different /tmp directories

* namespaces are causing problems with automounters

* 'mount --bind' does not accept/honor options like 'noatime' or 'noexec' (which could be useful, e.g., to mount $HOME/tmp as /tmp). Patches exist, but the responsible kernel maintainer refuses to apply them :(

* CLONE_NEWNS + 'mount --bind' are not very well documented and it is often unclear whether strange behavior is expected or not. E.g. it may happen that '/' and '/..' are pointing to different inodes; dunno if this is wanted or not.

Enrico
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
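The per-user /tmp setup discussed in this thread, as an added example that is not Enrico's or Colin's code and not part of the original message. It does in C what the PAM module described above would do: unshare(CLONE_NEWNS), mark the root mount private so the new mount does not leak back into the parent namespace, bind a per-user directory over /tmp, and then apply 'noexec'/'nosuid'-style options. The third bullet above (a plain bind ignoring such options) is still true of the first mount(2) call; on newer kernels the options take effect through a second call with MS_REMOUNT|MS_BIND, which is what this code relies on. The first bullet was addressed later by setns(2), which is not used here. The source directory, the option string and the parse_mount_opts helper are assumptions for illustration; the process needs CAP_SYS_ADMIN in its user namespace (root, or a prior unshare(CLONE_NEWUSER)), otherwise setup_private_tmp reports -EPERM.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: map a comma-separated option list such as
 * "noexec,nosuid,nodev" onto MS_* flags. Unknown words are skipped and
 * counted in *unknown (if non-NULL) so the caller can warn about typos. */
unsigned long parse_mount_opts(const char *opts, int *unknown)
{
    static const struct { const char *name; unsigned long flag; } table[] = {
        { "noexec",  MS_NOEXEC  }, { "nosuid",  MS_NOSUID  },
        { "nodev",   MS_NODEV   }, { "noatime", MS_NOATIME },
        { "ro",      MS_RDONLY  },
    };
    char buf[256], *save, *tok;
    unsigned long flags = 0;

    if (unknown) *unknown = 0;
    snprintf(buf, sizeof buf, "%s", opts ? opts : "");
    for (tok = strtok_r(buf, ",", &save); tok; tok = strtok_r(NULL, ",", &save)) {
        size_t i; int hit = 0;
        for (i = 0; i < sizeof table / sizeof table[0]; i++)
            if (strcmp(tok, table[i].name) == 0) { flags |= table[i].flag; hit = 1; }
        if (!hit && unknown) (*unknown)++;
    }
    return flags;
}

/* Give the calling process its own mount namespace with `src` bound over
 * /tmp and `flags` (MS_NOEXEC etc.) applied to that mount only.
 * Returns 0 on success or -errno. Children inherit the namespace; the
 * rest of the system keeps seeing the original /tmp. */
int setup_private_tmp(const char *src, unsigned long flags)
{
    struct stat st;

    /* Validate the source before touching namespaces, so a bad path is
     * reported as ENOENT/ENOTDIR regardless of privilege. */
    if (stat(src, &st) != 0) return -errno;
    if (!S_ISDIR(st.st_mode)) return -ENOTDIR;

    if (unshare(CLONE_NEWNS) != 0) return -errno;

    /* A freshly unshared namespace may still share propagation with the
     * parent; make everything private so our bind stays local to us. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) return -errno;

    /* Plain bind. Any MS_NOEXEC/MS_NOSUID passed here would be ignored,
     * which is exactly the complaint in the mail above. */
    if (mount(src, "/tmp", NULL, MS_BIND, NULL) != 0) return -errno;

    /* Bind-remount: this is the call that actually applies per-mount
     * flags on kernels that support it. */
    if (flags && mount(NULL, "/tmp", NULL, MS_REMOUNT | MS_BIND | flags, NULL) != 0)
        return -errno;

    return 0;
}

int main(int argc, char **argv)
{
    int unknown = 0, rc;
    unsigned long flags;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <dir-to-bind-over-/tmp> [noexec,nosuid,...]\n", argv[0]);
        return 2;
    }
    flags = parse_mount_opts(argc > 2 ? argv[2] : "", &unknown);
    if (unknown) fprintf(stderr, "warning: %d unknown mount option(s) ignored\n", unknown);

    rc = setup_private_tmp(argv[1], flags);
    if (rc < 0) { fprintf(stderr, "setup_private_tmp: %s\n", strerror(-rc)); return 1; }

    /* Everything below runs with the private /tmp: e.g. `touch /tmp/x && ls $HOME/tmp` */
    execl("/bin/sh", "sh", (char *)NULL);
    perror("execl");
    return 1;
}
```

Run as root (or inside `unshare -Ur`) with e.g. `./private_tmp "$HOME/tmp" noexec,nosuid,nodev`, then inspect `/proc/self/mountinfo` from the spawned shell: the /tmp entry shows the bind source and the noexec/nosuid flags, while a second login still sees the system /tmp, which is the "two ssh sessions, two /tmp directories" effect the mail describes.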