> I think you point out a solution could be worse that what it cures.
> There are clearly problems with mount over, but imagine that a user does
> an invisible mount over /mnt, doesn't that prevent other mounts which
> are usually made, like /mnt/cdrom, /mnt/loopN, etc?
As previously explained, user mounts are only allowed on directories
for which the user has full write access. Exactly for this reason.
> Every time someone suggests a solution it seems to open a new path to
> possible abuse. And features which only work with a monotonic kernel
> rather than modules would seem to indicate that the feature is nice but
> the implementation might benefit from more thinking time.
Huh? Where did modularitly come into this?
> Frankly the whole statement that the controversial code MUST go in now
> and could be removed later sounds like a salesman telling me I MUST sign
> the contract today, but he will let me out of it if I decide it was a
> mistake.
The point of this thread is to find a solution to a problem. The
discussion is turning up very interesting viewpoints and I'm
understanding the problem better and better, and I think other people
are too.
While I disagree with the view taken by Christoph H., I'm now also
thankful to him for stiring up the mud, because it ended up with a lot
of useful ideas.
In the end I'd like a solution that everybody is happy with. That
means I'm not going to give up searching because someone said, that
the current solution is crappy.
Do you understand my position?
> I'm not against the feature, but a lot of people I consider competent
> seem to find the implementation controversial, which argues for waiting
> until more eyes are on the code.
Yes. I'm not going to ask Andrew to merge the code until I feel that
everybody concerned is happy with it. No matter how many release
cycles it takes.
> If the rest of the code is useless without the controversial part,
> maybe it should all stay a patch to use or not as people decide.
It has been distributed separately from the kernel for 3 years now.
So people _can_ try it out.
Thanks,
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]