On Tue, May 12, 2009 at 08:13:24PM -0400, Trond Myklebust wrote:
> On Tue, 2009-05-12 at 17:04 -0700, Eric W. Biederman wrote:
> > Trond Myklebust <trond.myklebust@xxxxxxxxxx> writes:
> >
> > > Finally, what happens if someone decides to set up a private socket
> > > namespace, using CLONE_NEWNET, without also using CLONE_NEWNS to create
> > > a private mount namespace? Would anyone have even the remotest chance in
> > > hell of figuring out what filesystem is mounted where in the ensuing
> > > chaos?
> >
> > Good question. Multiple NFS servers with the same IP address reachable
> > from the same machine sounds about as nasty a pickle as it gets.
> >
> > The only way I can even imagine a setup like that is someone connecting
> > to a VPN. So they are behind more than one NAT gateway.
> >
> > Bleh, NAT sucks.
>
> It is doable, though, and it will affect more than just NFS. Pretty much
> all networked filesystems are affected.
>
> It begs the question: is there ever any possible justification for
> allowing CLONE_NEWNET without implying CLONE_NEWNS?

There are so many filesystem-based kernel APIs that this is a pervasive
problem IMHO -- not just with CLONE_NEWNET. However, even if we required
CLONE_NEWNET|CLONE_NEWNS, network namespaces still present a problem to
network filesystems in general.

-Matt