Re: [patch 00/10] mount ownership and unprivileged mount syscall (v8)

[Miklos Szeredi]

> On Mon, Feb 18, 2008 at 12:47:59PM +0100, Miklos Szeredi wrote:
> > So what should I do?
> > 
> > Would Al be wanting to merge this into his VFS tree?  (Can't find it
> > on git.kernel.org yet, BTW.)
> 
> FWIW, it's on hera right now, should propagate to git.kernel.org in a few.
> 
> Branches I'd pushed there: vfs-fixes.b0 and ro-bind.b0.  The latter is
> on top of the former.  There will be more, but that at least takes care
> of the most urgent stuff.  Again, apologies for things being too damn
> slow ;-/
> 
> As for the unprivileged mounts...
> 	a) why do we lose them on clone() in new namespace?  Bloody
> inconvenient, to put it mildly.
> 	b) why do we prohibit all kinds of remount?

I wanted to get the basics right, before thinking about these details.
But getting the semantics of a) right before this is merged is a good
idea, of course...  So I'll have to think about that.

The remount stuff can wait (especially if there will be a new mount
API for this kind of thing).

> 	c) just what is limited by that sysctl?  AFAICS, rbind is allowed
> if mountpoint is on user vfsmount and it seems to create vfsmounts without
> eating into that limit just fine...  What's the point of limiting the
> amount of vfsmounts marked user when you do not limit the number of vfsmount
> one can allocate?

The limit is there, so that unprivileged users cannot create insane
number of mounts.  It's just a safety thing, analogous to
/proc/sys/fs/file-max.

Thanks for looking at this.

Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/