[patch 0/8] unprivileged mount syscall

Miklos Szeredi miklos at szeredi.hu
Fri Apr 6 23:48:20 PDT 2007


> On 4/6/07, H. Peter Anvin <hpa at zytor.com> wrote:
> > Jan Engelhardt wrote:
> > > On Apr 6 2007 16:16, H. Peter Anvin wrote:
> > >>>> - users can use bind mounts without having to pre-configure them in
> > >>>> /etc/fstab
> > >>>>
> > >> This is by far the biggest concern I see.  I think the security implication of
> > >> allowing anyone to do bind mounts are poorly understood.
> > >
> > > $ whoami
> > > miklos
> > > $ mount --bind / ~/down_under
> > >
> > > later that day:
> > > # userdel -r miklos
> > >
> >
> > Consider backups, for example.
> >
> 
> This is the reason why enforcing private namespaces for user mounts
> makes sense.  I think it catches many of these corner cases.

Yes, disabling user bind mounts in the global namespace makes sense.

Enabling user fuse mounts in the global namespace still works though,
even if a little cludgy.  All these nasty corner cases have been
thought through and validated by a lot of users.

Thanks,
Miklos



More information about the Containers mailing list