On 4/6/07, H. Peter Anvin <hpa@xxxxxxxxx> wrote: > Jan Engelhardt wrote: > > On Apr 6 2007 16:16, H. Peter Anvin wrote: > >>>> - users can use bind mounts without having to pre-configure them in > >>>> /etc/fstab > >>>> > >> This is by far the biggest concern I see. I think the security implication of > >> allowing anyone to do bind mounts are poorly understood. > > > > $ whoami > > miklos > > $ mount --bind / ~/down_under > > > > later that day: > > # userdel -r miklos > > > > Consider backups, for example. > This is the reason why enforcing private namespaces for user mounts makes sense. I think it catches many of these corner cases. -eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers