[Devel] Re: [patch 0/8] mount ownership and unprivileged mount syscall (v4)
Karel Zak
kzak at redhat.com
Tue Apr 24 17:04:14 PDT 2007
On Fri, Apr 20, 2007 at 12:25:32PM +0200, Miklos Szeredi wrote:
> The following extra security measures are taken for unprivileged
> mounts:
>
> - usermounts are limited by a sysctl tunable
> - force "nosuid,nodev" mount options on the created mount
The original userspace "user=" solution also implies the "noexec"
option by default (you can override the default by "exec" option).
It means the kernel based solution is not fully compatible ;-(
Karel
--
Karel Zak <kzak at redhat.com>
Red Hat Czech s.r.o.
Purkynova 99/71, 612 45 Brno, Czech Republic
Reg.id: CZ27690016
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list