[patch 05/10] add "permit user mounts in new namespace" clone flag

Miklos Szeredi miklos at szeredi.hu
Fri Apr 13 00:09:54 PDT 2007


> question: how is mounting filesystems (loopback,
> fuse, etc) secured in such way that the user
> cannot 'create' device nodes with 'unfortunate'
> permissions?

All unprivileged mounts have "nosuid,nodev" added to their options.

Miklos



More information about the Containers mailing list