From: "Daniel P. Berrange"
If the guest is configured with
Then any submounts under / should also end up readonly. eg if
the user has /home on a separate volume, they'd expect /home
to be readonly.
Users can selectively make sub-mounts read-write again by
simply
On 09/09/2013 09:30 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"
>
> If the guest is configured with
>
>
>
>
>
>
>
> Then any submounts under / should also end up readonly. eg if
> the user has /home on a separate volume, they'd expect /home
> to be
On 09/09/2013 11:30 PM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"
>
> If the guest is configured with
>
>
>
>
>
>
>
> Then any submounts under / should also end up readonly. eg if
> the user has /home on a separate volume, they'd expect /home
> to be
On Tue, Sep 10, 2013 at 09:58:13AM +0800, Gao feng wrote:
> On 09/09/2013 11:30 PM, Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange"
> >
> > If the guest is configured with
> >
> >
> >
> >
> >
> >
> >
> > Then any submounts under / should also end up reado
On 09/10/2013 04:11 PM, Daniel P. Berrange wrote:
> Using SELinux, or dropping certain capabilities will prevent that, so
> this is still useful protection even if unconfined root can get around
> it. In addition Eric Biederman has a change to allow the mount state
> to be locked & prevent this app