Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known

2013-11-18 Thread Daniel P. Berrange
On Thu, Nov 14, 2013 at 05:44:40PM +0800, Chen Hanxiao wrote: -Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Wednesday, November 13, 2013 6:35 PM To: Chen Hanxiao Cc: libvir-list@redhat.com Subject: Re: [libvirt] [PATCH v2]lxc: don't mount

Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known

2013-11-18 Thread Chen Hanxiao
-Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Monday, November 18, 2013 11:57 PM To: Chen Hanxiao Cc: libvir-list@redhat.com Subject: Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known On Thu, Nov 14, 2013 at 05:44:40PM

Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known

2013-11-17 Thread Gao feng
: Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known On Wed, Nov 13, 2013 at 04:51:43PM +0800, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com If we enable userns, we could bind mount some dirs from host to guest, which don't belong to the target

Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known

2013-11-15 Thread Daniel P. Berrange
On Thu, Nov 14, 2013 at 05:44:40PM +0800, Chen Hanxiao wrote: -Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Wednesday, November 13, 2013 6:35 PM To: Chen Hanxiao Cc: libvir-list@redhat.com Subject: Re: [libvirt] [PATCH v2]lxc: don't mount

Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known

2013-11-14 Thread Chen Hanxiao
-Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Wednesday, November 13, 2013 6:35 PM To: Chen Hanxiao Cc: libvir-list@redhat.com Subject: Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known On Wed, Nov 13, 2013 at 04:51

[libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known

2013-11-13 Thread Chen Hanxiao
From: Chen Hanxiao chenhanx...@cn.fujitsu.com If we enable userns, we could bind mount some dirs from host to guest, which don't belong to the target mapped uid/gid. Such as we could bind mount root's dirs to guest. What is worse, we could even modify root's files in that bind dir inside

Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known

2013-11-13 Thread Gao feng
On 11/13/2013 04:51 PM, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com If we enable userns, we could bind mount some dirs from host to guest, which don't belong to the target mapped uid/gid. Such as we could bind mount root's dirs to guest. What is worse, we could even

Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be known

2013-11-13 Thread Daniel P. Berrange
On Wed, Nov 13, 2013 at 04:51:43PM +0800, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com If we enable userns, we could bind mount some dirs from host to guest, which don't belong to the target mapped uid/gid. Such as we could bind mount root's dirs to guest. What is