Jan Engelhardt wrote: > On Apr 6 2007 16:16, H. Peter Anvin wrote: >>>> - users can use bind mounts without having to pre-configure them in >>>> /etc/fstab >>>> >> This is by far the biggest concern I see. I think the security implication >> of >> allowing anyone to do bind mounts are poorly understood. > > $ whoami > miklos > $ mount --bind / ~/down_under > > later that day: > # userdel -r miklos > > So both the source (/) and target (~/down_under) directory must be owned > by the user before --bind may succeed. > > There may be other implications hpa might want to fill us in.
Consider backups, for example. -hpa _______________________________________________ Containers mailing list [EMAIL PROTECTED] https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel