On Tue, Sep 01, 2015 at 01:00:20PM -0500, Eric W. Biederman wrote: > No problem. Thank you for the discussion. This has if nothing else > allowed me to understand this from a real world perspective, and in > particular allows me to understand which permission checks would be > necessary to safely allow file handles in a user namespace (if we ever > decide it is safe to allow that). > > In short if you did not mount the filesystem you better not be nfs > exporting the filesystem, or parts of the filesystem, or be allowed to > use file handle access to the filesystem. Agreed. --b. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
