[Devel] Re: [patch 05/10] add "permit user mounts in new
namespace" clone flag
Ram Pai
linuxram at us.ibm.com
Mon Apr 16 02:49:01 PDT 2007
On Mon, 2007-04-16 at 11:32 +0200, Miklos Szeredi wrote:
> > > Given the existence of shared subtrees allowing/denying this at the
> > > mount
> > > namespace level is silly and wrong.
> > >
> > > If we need more than just the filesystem permission checks can we
> > > make it a mount flag settable with mount and remount that allows
> > > non-privileged users the ability to create mount points under it
> > > in directories they have full read/write access to.
> >
> > Also for bind-mount and remount operations the flag has to be propagated
> > down its propagation tree. Otherwise a unpriviledged mount in a shared
> > mount wont get reflected in its peers and slaves, leading to unidentical
> > shared-subtrees.
>
> That's an interesting question. Do we want shared mounts to be
> totally identical, including mnt_flags? It doesn't look as if
> do_remount() guarantees that currently.
Depends on the semantics of each of the flags. Some flags like of the
read/write flag, would not interfere with the propagation semantics
AFAICT. But this one certainly seems to interfere.
RP
> Miklos
More information about the Containers
mailing list