Hello. I think bind mounts were discussed when shared subtree ( http://lwn.net/Articles/159092/ ) was introduced. For systems that allow users mount their CD/DVDs freely, bind mounts are used and labeling files is a convenient way to deny accessing somebody else's files. But systems that don't allow users mount their CD/DVDs freely, bind mounts needn't to be used and using pathnames is a convenient way to deny accessing somebody else's files. Pathname based access control/auditing system works if the system doesn't use bind mounts. However, there are distributions (e.g. Debian Etch) that always use bind mounts. In such distributions, pathname based access control/auditing system doesn't work. This is not the fault of distributions nor pathname based access control/auditing system. It is possible to solve by passing vfsmount to VFS and LSM functions. SELinux users are having a lot of trouble because pathnames in audit logs are not always complete. AppArmor users are having a lot of trouble because pathnames which a process requested are ambiguous when bind mounts are used. Being able to report pathnames that a process requested is not surprising when considering user friendliness. I beleive passing vfsmount makes both users happy. Thanks. - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
