On Mon, Jul 13, 2009 at 6:37 PM, ron minnich<rminn...@gmail.com> wrote:
> On Mon, Jul 13, 2009 at 4:22 PM, Eric Van Hensbergen<eri...@gmail.com> wrote:
>
>> Not sure how easy or difficult this would be inside the kernel -- the
>> central problem last time I looked at it was it was difficult to
>> unshare namespace after the fork.
>
> Well, my mount command cheated. When you ran the mount command, it did
> a fork and set CLONE_NS. You were, at that point, in a private name
> space. Yes, ugly, but it certainly ensured a private mount.
>

Sure, and 9mount could do the same thing, but it would be nice to
enforce it from the kernel somehow.

-eric
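
An added example, not part of the thread or of either poster's code: the fork-into-a-private-namespace approach described above, sketched in C for Linux. It assumes `unshare(CLONE_NEWNS)` in the child rather than setting the flag at fork time as the mount command in the thread did, and it confirms the result by comparing `/proc/self/ns/mnt`; the function names and the propagation step are this example's own.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The inode of /proc/self/ns/mnt identifies the caller's mount namespace.
 * Returns 0 if /proc is unavailable. */
static ino_t mnt_ns_id(void) {
    struct stat st;
    return stat("/proc/self/ns/mnt", &st) == 0 ? st.st_ino : 0;
}

/* Hypothetical helper: fork a child that moves into a private mount
 * namespace before it would call mount(2).
 * Returns 1 if the child is in a different namespace, 0 if still shared,
 * -1 if the kernel refused (no CAP_SYS_ADMIN) or the check could not run. */
int child_gets_private_mount_ns(void) {
    ino_t parent_ns = mnt_ns_id();
    if (parent_ns == 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (unshare(CLONE_NEWNS) != 0) _exit(2);
        /* A new namespace copies the parent's propagation settings; mark
         * the tree private so later mounts do not propagate back out. */
        if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) _exit(2);
        /* A mount helper would call mount(2) for the real target here. */
        ino_t child_ns = mnt_ns_id();
        if (child_ns == 0) _exit(2);
        _exit(child_ns != parent_ns ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 0) return 1;
    return WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void) {
    int r = child_gets_private_mount_ns();
    printf("%s\n", r == 1 ? "child has a private mount namespace"
                 : r == 0 ? "child still shares the parent's namespace"
                          : "could not unshare (need CAP_SYS_ADMIN) or no /proc");
    return 0;
}
```

Because the namespace change happens in userspace, a caller that skips the helper still mounts into the shared namespace, which is the gap the reply above wants the kernel to close.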