On Saturday 11 October 2003 07:31, Herbert Poetzl wrote: > On Sat, Oct 11, 2003 at 06:16:05AM +0300, Alex Lyashkov wrote: > > On Friday 10 October 2003 20:33, Jacques Gelinas wrote: > > > On Thu, 9 Oct 2003 07:04:02 -0500, Alex Lyashkov wrote > > > > > > > > This is probably a minor problem, but if we want to support > > > > > vservers inside vserver we must allow mount ? This is a problem. > > > > > mount let you DOS a machine. Further, mount is covered by a very > > > > > broad capability. > > > > > > > > > > Am I missing something ? > > > > > > > > yes. > > > > In private namespace created _private_ mounts tree. > > > > i see one posible DDoS - you can be use it for kernel exhaust memory > > > > when do many many mounts. > > > > What DDoS you see ? > > > > > > Mounting a broken file system can brind the OS down. > > > > for mount broken file system - host administrator need allow to use > > broken modules or had broken filesystems on hard disk and add node this > > device to vps. it`s right ? > > if other - please detail this DDoS for i can test it. > > do you allow raw block device access? i not create nodes for this.
-- With best regards, Alex
