Re: [PATCH] private mounts

From: Martin Mares
Date: Wed Apr 27 2005 - 13:29:57 EST


Hello!

> So yes the check fsuid is not the perfect solution. However let me
> remind you that neither is the one with private namespace.

What I'm arguing about is that the fsuid check is obscure (it breaks
traditional semantics of file permissions [*], it doesn't allow a user
to grant access to his user mount to other users, even if the permissions
allow that, and so on) and it doesn't fully solve the problem anyway.

For similar reasons, I don't advocate for private namespaces either.

The cure more likely lies in simple policy rules like the "all user mounts
belong to /mnt/usr" one, instead of putting dubious policy to the kernel.

Have a nice fortnight
--
Martin `MJ' Mares <mj@xxxxxx> http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"Mr. Worf, scan that ship." "Aye, Captain... 600 DPI?"