On Tue, Sep 01, 2015 at 01:00:20PM -0500, Eric W. Biederman wrote: > No problem. Thank you for the discussion. This has if nothing else > allowed me to understand this from a real world perspective, and in > particular allows me to understand which permission checks would be > necessary to safely allow file handles in a user namespace (if we ever > decide it is safe to allow that). > > In short if you did not mount the filesystem you better not be nfs > exporting the filesystem, or parts of the filesystem, or be allowed to > use file handle access to the filesystem. Agreed. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html