Re: [RFC 0/4] per-namespace allowed filesystems list

On Mon, Jan 23, 2012 at 09:12:19PM +0000, Al Viro wrote:
> This is bloody ridiculous; if you want to prevent a luser admin playing with
> the set of mounts you've given it, the right way to go is not to mess with the
> "which fs types are allowed" but to add a per-namespace "immutable" flag.
> And add a new clone(2)/unshare(2) flag, used only along with the CLONE_NEWNS
> and setting the "immutable" on the copied namespace.

How will it work if we want to allow a namespaced environment to mount block
devices, but not, let's say, debugfs?

Differentiation between filesystem type and source is one of the broken things
in the Unix API. I don't see an easy way to fix it. Only plan9. :)

-- 
 Kirill A. Shutemov