On Wed, Sep 27 2017, J. Bruce Fields wrote: > On Wed, Sep 27, 2017 at 10:45:17AM +1000, NeilBrown wrote: >> My idea is that the "root" network namespace is only available in early >> boot. An NFS mount happens then (and possibly a daemon hangs around in >> this network namespace to refresh the NFS mount). > > I think they also want to be able to do mounts after boot. Hence "a daemon hangs around ... to refresh the NFS mount" by which I meant to imply the possibility of creating new mounts as well. That may be unnecessary. It might be safe to allow processes to move between the network namespace. We still don't have a clear statement of the threat model and the degree of isolation that is required, so it is hard to create concrete recommendations. Thanks, NeilBrown > > I assume you either keep the mount namespace shared, or use mount > propagation of some kind. > > --b.
Attachment:
signature.asc
Description: PGP signature