Hi, it would be nice if the current
| + if (!capable(CAP_SYS_ADMIN)) | + mnt_flags |= MNT_NODEV; behavior can be relaxed a little bit. I need it e.g. to bind-mount a /dev filesystem into buildroots which will be created during runtime of the vserver. On first glance, | + if (!capable(CAP_SYS_ADMIN) && | + !(flags & (MS_BIND|MS_MOVE))) | + mnt_flags |= MNT_NODEV; seems to have the wanted effect without lowering security. Enrico
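Review bot: the added !(flags & (MS_BIND|MS_MOVE)) test in the second snippet exempts every bind and move mount made without CAP_SYS_ADMIN from the forced MNT_NODEV, so whether device nodes stay unusable for such a caller then depends entirely on the flags the mount ends up with from elsewhere, which these lines do not show. Please add a comment stating why MS_BIND and MS_MOVE are safe to exempt, or narrow the exemption to the case where the source mount was set up with devices allowed by a privileged caller, so that the "without lowering security" claim can be checked from the code itself.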
_______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver