On Thu, Nov 14, 2013 at 05:44:40PM +0800, Chen Hanxiao wrote:
-Original Message-
From: Daniel P. Berrange [mailto:berra...@redhat.com]
Sent: Wednesday, November 13, 2013 6:35 PM
To: Chen Hanxiao
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH v2]lxc: don't mount
-Original Message-
From: Daniel P. Berrange [mailto:berra...@redhat.com]
Sent: Monday, November 18, 2013 11:57 PM
To: Chen Hanxiao
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be
known
On Thu, Nov 14, 2013 at 05:44:40PM
: Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't
be
known
On Wed, Nov 13, 2013 at 04:51:43PM +0800, Chen Hanxiao wrote:
From: Chen Hanxiao chenhanx...@cn.fujitsu.com
If we enable userns, we could bind mount
some dirs from host to guest, which don't belong to
the target
On Thu, Nov 14, 2013 at 05:44:40PM +0800, Chen Hanxiao wrote:
-Original Message-
From: Daniel P. Berrange [mailto:berra...@redhat.com]
Sent: Wednesday, November 13, 2013 6:35 PM
To: Chen Hanxiao
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH v2]lxc: don't mount
-Original Message-
From: Daniel P. Berrange [mailto:berra...@redhat.com]
Sent: Wednesday, November 13, 2013 6:35 PM
To: Chen Hanxiao
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH v2]lxc: don't mount dir if ownership couldn't be
known
On Wed, Nov 13, 2013 at 04:51
From: Chen Hanxiao chenhanx...@cn.fujitsu.com
If we enable userns, we could bind mount
some dirs from host to guest, which don't belong to
the target mapped uid/gid.
Such as we could bind mount root's dirs to guest.
What is worse, we could even modify root's files
in that bind dir inside
On 11/13/2013 04:51 PM, Chen Hanxiao wrote:
From: Chen Hanxiao chenhanx...@cn.fujitsu.com
If we enable userns, we could bind mount
some dirs from host to guest, which don't belong to
the target mapped uid/gid.
Such as we could bind mount root's dirs to guest.
What is worse, we could even
On Wed, Nov 13, 2013 at 04:51:43PM +0800, Chen Hanxiao wrote:
From: Chen Hanxiao chenhanx...@cn.fujitsu.com
If we enable userns, we could bind mount
some dirs from host to guest, which don't belong to
the target mapped uid/gid.
Such as we could bind mount root's dirs to guest.
What is