On Mon, Jul 13, 2009 at 6:16 PM, ron minnich<rminn...@gmail.com> wrote:
> On Mon, Jul 13, 2009 at 3:18 PM, J.R. Mauro<jrm8...@gmail.com> wrote:
>
>> We hope to. One of the reasons it would actually be unwise to let
>> anyone mount anything now is that no one uses per-process namespaces.
>> That's probably fine on your desktop, but not on a server where 20
>> people try to mount something under /mnt/foo or whatnot.
>
> Could we solve this by making private mounts the default (or only
> allowed) behavior?
>
> That's how I did it long ago: it took real effort to make a mount non-private.
>
Not sure how easy or difficult this would be inside the kernel -- the
central problem last time I looked at it was it was difficult to
unshare namespace after the fork. Of course you could check to make
sure you were not in the global namespace and error -- that should be
easy enough.
-eric
