On Tue, 2009-01-06 at 19:23 -0500, Trond Myklebust wrote: > On Tue, 2009-01-06 at 19:20 -0500, J. Bruce Fields wrote: > > If it would be possible, for example, for the 'init' namespace to have > > no network interfaces at all, then it would be nicer to use a name > > that's at least been used with nfs at *some* point--just on the general > > principle of not leaking information to a domain that the user wouldn't > > expect it to. > > Then RPC would fail. Thanks to the limitations imposed by selinux & > friends, all RPC sockets have to be owned by the init process. Interesting -- I'm not familiar with this requirement of selinux. Must it be the init process of the initial pid namespace or could any pid namespace's init process own it? Cheers, -Matt Helsley -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
