Hello Eric,

On Fri, 2 Nov 2018 at 12:33, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:

[...]

Thanks for taking the time to reply at length!

> My thoughts:
> a) I do foresee attacks
> b) Anyone can create a user namespace and then a mount namespace
>    so I don't see the point of a set-UID-root program.
> c) The work to support mounting a filesystem in your own
>    mount namespace owned by your own user namespace is essentially
>    complete at this point.

Re point (c), this includes mounts of block devices, right?

> Michael do we need to update the man pages somewhere to document that
> you can now mount fuse filesystems in any mount namespace?

That would be great. Perhaps this belongs in user_namespaces(7)
(or perhaps mount_namespaces(7)). But I need some help with the text...

Thanks,

Michael

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/