2011/5/25 C Anthony Risinger <anthony@xxxxxxx>: > On Wed, May 25, 2011 at 4:38 PM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote: >> Quoting C Anthony Risinger (anthony@xxxxxxx): [...] >>> if i understand correctly, mount namespaces (for example), allow one >>> to build such constructs as "private /tmp" and similar that even >>> `root` cannot access ... and there are many reasons `root` does not >>> deserve to completely know/interact with user processes (FUSE makes a >>> good example ... just because i [user] have SSH access to a machine, >>> why should `root`?) >> If for instance you have a file open in your private /tmp, then root >> in another mounts ns can open the file through /proc/$$/fd/N anyway. >> If it's a directory, he can now traverse the whole fs. > aaah right :-( ... there's always another way isn't there ... curse > you Linux for being so flexible! (just kidding baby i love you) > > this seems like a more fundamental issue then? Âor should i not expect > to be able to achieve separation like this? Âi ask in the context of > OS virt via cgroups + namespaces, eg. LXC et al, because i'm about to > perform a massive overhaul to our crusty sub-2.6.18 infrastructure and > i've used/followed these technologies for couple years now ... and > it's starting to feel like "the right time". You either trust the admin or don't use the machine. There is no third way. Best Regards, MichaÅ MirosÅaw _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
