>> I mean, I can write -o ro mounted dirs! Why?
>
>because the mainline kernel folks are lazy and
>Al Viro considers this a feature instead of a bug :)
>

Thanks and I understand why.
But, if so, something like this could happen,
even with your BME patch.

[Host] # mount -o bind,ro /etc /vserver/103/etc
[Host] # vserver 103 start
[103] # cat /etc/shadow
....you can see shadowed passes from vserver.

I think a root under vserver should be like this:
1. for files under /vserver/103/*      -> same as real root.
2. for files bind-mounted from host /  -> same as normal user.
What is your opinion?

                --- Okajima, Jun. Tokyo, Japan.
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
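
A host-side check for the situation shown in the mail, as an added example that is not part of the original message: it reads mount table text in `/proc/self/mountinfo` format and reports host directories that are bind-mounted into a guest tree, whether or not the mount is `ro`. The `SENSITIVE` list, the sample lines and the premise that those directories live on the host root filesystem are assumptions.

```python
import posixpath

GUEST_BASE = "/vserver"                  # guest tree prefix, as used in the mail
SENSITIVE = ("/etc", "/root", "/boot")   # assumed list of host-only directories

# Constructed sample in /proc/self/mountinfo format (not real output).
SAMPLE = """\
20 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw
31 20 8:1 /etc /vserver/103/etc ro,relatime - ext3 /dev/sda1 rw
32 20 8:1 /srv/pkg /vserver/103/usr/pkg ro,relatime - ext3 /dev/sda1 rw
33 20 8:2 / /vserver/104 rw,relatime shared:5 - ext3 /dev/sda2 rw
"""

def unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal escapes
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def under(path, base):
    path = posixpath.normpath(path)
    return path == base or path.startswith(base.rstrip("/") + "/")

def find_exposed(mountinfo_text):
    """Return (guest_mount_point, host_dir, read_only) for every mount inside
    GUEST_BASE that exposes a SENSITIVE directory of the host root filesystem."""
    rows = [line.split() for line in mountinfo_text.splitlines()]
    rows = [f for f in rows if len(f) >= 7 and "-" in f]
    host_dev = next((f[2] for f in rows if f[4] == "/"), None)  # major:minor of /
    hits = []
    for f in rows:
        root, mpoint = unescape(f[3]), unescape(f[4])
        # the root field is relative to its filesystem, so compare devices too
        if f[2] != host_dev or not under(mpoint, GUEST_BASE):
            continue
        if any(under(root, s) for s in SENSITIVE):
            hits.append((mpoint, root, "ro" in f[5].split(",")))
    return hits

if __name__ == "__main__":
    for mpoint, root, ro in find_exposed(SAMPLE):
        print(f"{mpoint} exposes host {root} ({'ro' if ro else 'rw'}); ro does not stop reads")
```

On a live host, pass the contents of `/proc/self/mountinfo` read from the host context instead of `SAMPLE`.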
