Re: [PATCH] private mounts

> I think you point out a solution could be worse than what it cures. 
> There are clearly problems with mount over, but imagine that a user does 
> an invisible mount over /mnt, doesn't that prevent other mounts which 
> are usually made, like /mnt/cdrom, /mnt/loopN, etc?

As previously explained, user mounts are only allowed on directories
for which the user has full write access.  Exactly for this reason.

> Every time someone suggests a solution it seems to open a new path to 
> possible abuse. And features which only work with a monotonic kernel 
> rather than modules would seem to indicate that the feature is nice but 
> the implementation might benefit from more thinking time.

Huh?  Where did modularity come into this?

> Frankly the whole statement that the controversial code MUST go in now 
> and could be removed later sounds like a salesman telling me I MUST sign 
> the contract today, but he will let me out of it if I decide it was a 
> mistake.

The point of this thread is to find a solution to a problem.  The
discussion is turning up very interesting viewpoints and I'm
understanding the problem better and better, and I think other people
are too.

While I disagree with the view taken by Christoph H., I'm now also
thankful to him for stirring up the mud, because it ended up with a lot
of useful ideas.

In the end I'd like a solution that everybody is happy with.  That
means I'm not going to give up searching because someone said that
the current solution is crappy.

Do you understand my position?

> I'm not against the feature, but a lot of people I consider competent 
> seem to find the implementation controversial, which argues for waiting 
> until more eyes are on the code.

Yes.  I'm not going to ask Andrew to merge the code until I feel that
everybody concerned is happy with it.  No matter how many release
cycles it takes.

> If the rest of the code is useless without the controversial part,
> maybe it should all stay a patch to use or not as people decide.

It has been distributed separately from the kernel for 3 years now.
So people _can_ try it out.

Thanks,
Miklos