This is again related to the FUSE permission thread, but a slightly different idea and without a slimy hack patch.
I really want to enable users to be able to create private namespaces, but I want to try and avoid creating a venerability by allowing them to abuse system resources. It looks like this can be done by adding RLIMIT_NEWNS as a per-user resource limit, and tracking the number of private namespaces a user has in the user_struct. Any time a user creates a private namespace (either via clone with CLONE_NEWNS) or any other method, this limit is checked and the per user count is incremented (in copy_namespace). When namespaces are cleaned up (in __put_namespace), the per-user count is decremented. Is this sufficient to cover any exposure? What's the correct solution for the shared sub-trees RFC? Should there be something similar for user mounts/binds? -eric - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html