[Vserver] Relaxing the mount-nodev behavior:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

[Vserver] Relaxing the mount-nodev behavior

From: Enrico Scholz <enrico.scholz_at_informatik.tu-chemnitz.de>
Date: Sun 06 May 2007 - 23:51:07 BST
Message-ID: <87fy69a7ms.fsf@kosh.bigo.ensc.de>

Hi,

it would be nice when the current

| + if (!capable(CAP_SYS_ADMIN))
| + mnt_flags |= MNT_NODEV;

behavior can be relaxed a little bit. I need it e.g. to bind-mount a
/dev filesystem into buildroots which will be created during runtime of
the vserver.

On first glance,

| + if (!capable(CAP_SYS_ADMIN) &&
| + !(flags & (MS_BIND|MS_MOVE)))
| + mnt_flags |= MNT_NODEV;

seems to have the wanted effect without lowering security.

Enrico

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Mon May 7 00:18:36 2007
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 07 May 2007 - 00:18:39 BST by hypermail 2.1.8