> It would be nice in general if we could avoid any sort of checks for
> (mnt->mnt_ns == init_nsproxy.mnt_ns). Maybe that won't be possible,
> but, taking the two listed examples:

[snip]

It's probably worthwhile going after these problematic cases, and fixing them, OTOH it's not easy to audit a complete system for holes arising from user mounts in the global namespace.

So why not move this decision out from the kernel?

How about adding a boolean flag to namespaces, which specifies whether unprivileged mounts are allowed or not. This would give complete flexibility to distro builders and sysadmins.

The biggest problem I see is how to set this flag. There's no easy way to represent namespaces in /proc or /sys, and this is sufficiently obscure not to warrant a new syscall. Adding a new flag to prctl() could do the trick.

Does that sound OK?

Thanks,
Miklos
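A small user-space model of the proposal above, added here as an illustration and not code from the thread or the kernel: it contrasts the identity check (`mnt_ns == init_nsproxy.mnt_ns`) with a per-namespace policy flag set through a prctl()-style call. The privilege rule for setting the flag and the inheritance on clone are assumptions of the model, not something the mail specifies.

```c
#include <stdbool.h>

/* Model only: each mount namespace carries the proposed boolean flag. */
struct mnt_namespace {
    bool unpriv_mounts_allowed;
};

/* Stands in for init_nsproxy.mnt_ns, the global namespace. */
struct mnt_namespace init_mnt_ns = { .unpriv_mounts_allowed = false };

/* Current style of check: unprivileged mounts only outside the global
 * namespace, with no way for an admin to tighten or loosen that. */
bool may_mount_unpriv_old(const struct mnt_namespace *ns)
{
    return ns != &init_mnt_ns;
}

/* Proposed check: consult the namespace's policy flag, not its identity. */
bool may_mount_unpriv_new(const struct mnt_namespace *ns)
{
    return ns->unpriv_mounts_allowed;
}

/* Model of a prctl()-style setter. Assumption: only a privileged caller
 * may enable unprivileged mounts; anyone may disable them. */
bool prctl_set_unpriv_mounts(struct mnt_namespace *ns, bool allow,
                             bool caller_privileged)
{
    if (allow && !caller_privileged)
        return false;   /* would be -EPERM in the kernel */
    ns->unpriv_mounts_allowed = allow;
    return true;
}

/* Assumption: a new namespace (CLONE_NEWNS) copies its parent's policy,
 * so a locked-down global namespace is not reopened merely by cloning. */
struct mnt_namespace clone_mnt_ns(const struct mnt_namespace *parent)
{
    return *parent;
}

/* Walk through the scenario: clone the global namespace, then try to
 * enable unprivileged mounts without and with privilege. */
bool run_scenario(void)
{
    struct mnt_namespace ns = clone_mnt_ns(&init_mnt_ns);
    bool ok = may_mount_unpriv_old(&ns);                   /* old: open by cloning */
    ok = ok && !may_mount_unpriv_new(&ns);                 /* new: inherited "off" */
    ok = ok && !prctl_set_unpriv_mounts(&ns, true, false); /* unprivileged: refused */
    ok = ok && prctl_set_unpriv_mounts(&ns, true, true);   /* admin enables */
    ok = ok && may_mount_unpriv_new(&ns);
    ok = ok && prctl_set_unpriv_mounts(&ns, false, false); /* anyone may lock down */
    return ok && !may_mount_unpriv_new(&ns);
}
```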