Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261934AbVD0S0N (ORCPT ); Wed, 27 Apr 2005 14:26:13 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261938AbVD0S0A (ORCPT ); Wed, 27 Apr 2005 14:26:00 -0400
Received: from albireo.ucw.cz ([84.242.65.67]:28546 "EHLO albireo.ucw.cz") by vger.kernel.org with ESMTP id S261934AbVD0SZb (ORCPT ); Wed, 27 Apr 2005 14:25:31 -0400
Date: Wed, 27 Apr 2005 20:25:28 +0200
From: Martin Mares
To: Miklos Szeredi
Cc: lmb@suse.de, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] private mounts
Message-ID: <20050427182528.GD4241@ucw.cz>
References: <20050427092450.GB1819@elf.ucw.cz> <20050427143126.GB1957@mail.shareable.org> <20050427153320.GA19065@atrey.karlin.mff.cuni.cz> <20050427155022.GR4431@marowsky-bree.de> <20050427164652.GA3129@ucw.cz> <20050427175425.GA4241@ucw.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.3.28i
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1119
Lines: 25

Hello!

> So yes the check fsuid is not the perfect solution. However let me
> remind you that neither is the one with private namespace.

What I'm arguing about is that the fsuid check is obscure (it breaks
traditional semantics of file permissions [*], it doesn't allow a user
to grant access to his user mount to other users, even if the permissions
allow that and so on) and it doesn't fully solve the problem anyway.

For similar reasons, I don't advocate for private namespaces either.

The cure more likely lies in simple policy rules like the "all user mounts
belong to /mnt/usr" one, instead of putting dubious policy to the kernel.

				Have a nice fortnight
-- 
Martin `MJ' Mares http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"Mr. Worf, scan that ship." "Aye, Captain... 600 DPI?"