[RFC][PATCH] Improve NFS use of network and mount namespaces

Eric W. Biederman ebiederm at xmission.com
Tue May 12 17:04:39 PDT 2009


Trond Myklebust <trond.myklebust at fys.uio.no> writes:

> Finally, what happens if someone decides to set up a private socket
> namespace, using CLONE_NEWNET, without also using CLONE_NEWNS to create
> a private mount namespace? Would anyone have even the remotest chance in
> hell of figuring out what filesystem is mounted where in the ensuing
> chaos?

Good question.  Multiple NFS servers with the same IP address reachable
from the same machine sounds about as nasty a pickle as it gets.

The only way I can even imagine a setup like that is someone connecting
to a VPN.  So they are behind more than one NAT gateway.

Bleh NAT sucks.

Eric

