[Devel] Re: [patch 05/10] add "permit user mounts in new
namespace" clone flag
Trond Myklebust
trond.myklebust at fys.uio.no
Wed Apr 18 07:26:29 PDT 2007
On Wed, 2007-04-18 at 16:03 +0200, Miklos Szeredi wrote:
> > Don't forget that almost all mount flags are per-superblock. How are you
> > planning on dealing with the case that one user mounts a filesystem
> > read-only, while another is trying to mount the same one read-write?
>
> Yeah, I forgot, the per-mount read-only patches are not yet in.
>
> That doesn't really change my agrument though. _If_ the flag is per
> mount, then it makes sense to be able to change it on a master and not
> on a slave. If mount flags are propagated, this is not possible.
Read-only isn't the only issue. On something like NFS, there are flags
to set the security flavour, turn on/off encryption etc.
If I mount your home directory using no encryption in my namespace, for
instance, then neither you nor the administrator will be able to turn it
on afterwards in yours without first unmounting it from mine so that the
superblock is destroyed.
Cheers
Trond
More information about the Containers
mailing list