From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756730AbaIIOA0 (ORCPT ); Tue, 9 Sep 2014 10:00:26 -0400
Received: from mail-pd0-f173.google.com ([209.85.192.173]:37662 "EHLO mail-pd0-f173.google.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756661AbaIIOAW (ORCPT );
	Tue, 9 Sep 2014 10:00:22 -0400
Message-ID: <540F07C7.9000300@gmail.com>
Date: Tue, 09 Sep 2014 06:59:35 -0700
From: "Michael Kerrisk (man-pages)"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: "Eric W. Biederman"
CC: mtk.manpages@gmail.com, lkml , "linux-man@vger.kernel.org" , containers@lists.linux-foundation.org, Andy Lutomirski , richard.weinberger@gmail.com, "Serge E. 
Hallyn"
Subject: Re: For review: user_namespace(7) man page
References: <53F5310A.5080503@gmail.com> <87d2bhfxvc.fsf@x220.int.ebiederm.org>
In-Reply-To: <87d2bhfxvc.fsf@x220.int.ebiederm.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Eric,

On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" writes:
>
>> Hello Eric et al.,
>>
>> For various reasons, my work on the namespaces man pages
>> fell off the table a while back. Nevertheless, the pages have
>> been close to completion for a while now, and I recently restarted,
>> in an effort to finish them. As you also noted to me f2f, there have
>> recently been some small namespace changes that may affect
>> the content of the pages. Therefore, I'll take the opportunity to
>> send the namespace-related pages out for further (final?) review.
>>
>> So, here, I start with the user_namespaces(7) page, which is shown
>> in rendered form below, with source attached to this mail. I'll
>> send various other pages in follow-on mails.
>>
>> Review comments/suggestions for improvements / bug fixes welcome.
>>
>> Cheers,
>>
>> Michael
>>
>> ==
>>
>> NAME
>>        user_namespaces - overview of Linux user namespaces
>>
[...]

>>        When a new IPC, mount, network, PID, or UTS namespace is created
>>        via clone(2) or unshare(2), the kernel records the user namespace
>>        of the creating process against the new namespace.  (This
>>        association can't be changed.)  When a process in the new namespace
>>        subsequently performs privileged operations that operate on
>>        global resources isolated by the namespace, the permission checks
>>        are performed according to the process's capabilities in the user
>>        namespace that the kernel associated with the new namespace.
>
> Restrictions on mount namespaces.
>
> - A mount namespace has an owner user namespace.  A mount namespace whose
>   owner user namespace is different than the owner user namespace of
>   its parent mount namespace is considered a less privileged mount
>   namespace.
>
> - When creating a less privileged mount namespace shared mounts are
>   reduced to slave mounts.  This ensures that mappings performed in less
>   privileged mount namespaces will not propagate to more privileged
>   mount namespaces.
>
> - Mounts that come as a single unit from more privileged mount are
>   locked together and may not be separated in a less privileged mount
>   namespace.

Could you clarify what you mean by "Mounts that come as a single unit"?

> - The mount flags readonly, nodev, nosuid, noexec, and the mount atime
>   settings when propagated from a more privileged to a less privileged
>   mount namespace become locked, and may not be changed in the less
>   privileged mount namespace.
>
> - (As of 3.18-rc1 (in today's Al Viro's vfs.git#for-next tree)) A file or
>   directory that is a mountpoint in one namespace that is not a mount
>   point in another namespace, may be renamed, unlinked, or rmdired in
>   the mount namespace in which it is not a mount namespace if the
>   ordinary permission checks pass.
>
>   Previously attempting to rmdir, unlink or rename a file or directory
>   that was a mount point in another mount namespace would result in
>   -EBUSY.  This behavior had technical problems of enforcement (nfs)
>   and resulted in a nice denial of service attack against more
>   privileged users.  (Aka preventing individual files from being updated
>   by bind mounting on top of them).

I have reworked the text above a little so that now we have the following.
Aside from the question above, does it look okay?

   Restrictions on mount namespaces
       Note the following points with respect to mount namespaces:

       *  A mount namespace has an owner user namespace.  A mount
          namespace whose owner user namespace is different from the
          owner user namespace of its parent mount namespace is
          considered a less privileged mount namespace.

       *  When creating a less privileged mount namespace, shared
          mounts are reduced to slave mounts.  This ensures that
          mappings performed in less privileged mount namespaces will
          not propagate to more privileged mount namespaces.

       *  Mounts that come as a single unit from more privileged mount
          are locked together and may not be separated in a less
          privileged mount namespace.

       *  The mount(2) flags MS_RDONLY, MS_NOSUID, MS_NOEXEC, and the
          "atime" flags (MS_NOATIME, MS_NODIRATIME, MS_RELATIME)
          settings become locked when propagated from a more privileged
          to a less privileged mount namespace, and may not be changed
          in the less privileged mount namespace.

       *  A file or directory that is a mount point in one namespace
          that is not a mount point in another namespace, may be
          renamed, unlinked, or removed (rmdir(2)) in the mount
          namespace in which it is not a mount point (subject to the
          usual permission checks).

          Previously, attempting to unlink, rename, or remove a file
          or directory that was a mount point in another mount
          namespace would result in the error EBUSY.  That behavior had
          technical problems of enforcement (e.g., for NFS) and
          permitted denial-of-service attacks against more privileged
          users.  (i.e., preventing individual files from being
          updated by bind mounting on top of them).

Cheers,

Michael

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
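The restrictions discussed in this exchange can be observed directly from an unprivileged process. The C program below is an added example for this archived thread, not code from the thread, from Eric or Michael, or from the man-pages project. It enters a user+mount namespace, mounts a small tmpfs there with MS_NOSUID|MS_NODEV|MS_NOEXEC and marks it shared, then forks into a second, nested user+mount namespace (whose owner user namespace differs from the parent mount namespace's owner, so it is the "less privileged" case) and records what the kernel permits: dropping nosuid via a bind remount, keeping it, whether the shared mount arrived as a slave ("master:" in /proc/self/mountinfo), whether the inherited mount can be unmounted, and whether the parent namespace can rmdir(2) a directory that is a mount point only in the child namespace. The /tmp/mntlock.XXXXXX directories, the "size=64k" tmpfs, and the OBS_* bit names are constructed for this example; it assumes a Linux kernel with unprivileged user namespaces enabled and reports rather than fails when unshare(2) or mount(2) are refused.

```c
/* Added example (not from the thread or the man-pages project): observe what a
 * "less privileged" mount namespace may and may not do. Linux only; no root needed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

enum {                               /* observation bits returned by demo_mount_locking() */
    OBS_CLEAR_NOSUID_DENIED = 1,     /* dropping MS_NOSUID from an inherited mount -> EPERM */
    OBS_KEEP_NOSUID_ALLOWED = 2,     /* same remount keeping every locked flag -> success */
    OBS_BECAME_SLAVE        = 4,     /* mount shared in the parent ns shows "master:" (slave) here */
    OBS_UMOUNT_DENIED       = 8,     /* umount(2) of an inherited mount -> EINVAL (locked in place) */
    OBS_FOREIGN_RMDIR_OK    = 16,    /* parent ns could rmdir a dir that is a mount point only in child ns */
    OBS_UNAVAILABLE         = 64,    /* kernel/sandbox refused unshare(2) or mount(2): nothing observed */
};

static int write_str(const char *path, const char *s) {
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    ssize_t n = fd < 0 ? -1 : write(fd, s, strlen(s));
    if (fd >= 0) close(fd);
    return n == (ssize_t)strlen(s) ? 0 : -1;
}

/* New user + mount namespace with the caller's uid/gid mapped to 0 inside it. */
static int enter_userns_as_root(void) {
    char map[64];
    uid_t uid = getuid(); gid_t gid = getgid();
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) < 0) return -1;
    write_str("/proc/self/setgroups", "deny");     /* needed before gid_map on 3.19+ */
    snprintf(map, sizeof map, "0 %u 1\n", (unsigned)uid);
    if (write_str("/proc/self/uid_map", map) < 0) return -1;
    snprintf(map, sizeof map, "0 %u 1\n", (unsigned)gid);
    return write_str("/proc/self/gid_map", map);
}

/* Does /proc/self/mountinfo list `dir` with a "master:" optional field, i.e. as a slave mount? */
static int is_slave_mount(const char *dir) {
    FILE *f = fopen("/proc/self/mountinfo", "r");
    char line[4096], mp[256]; int n = 0, slave = 0;
    while (f && !slave && fgets(line, sizeof line, f))   /* id parent maj:min root mountpoint opts [optional] - ... */
        if (sscanf(line, "%*s %*s %*s %*s %255s %*s%n", mp, &n) == 1 && !strcmp(mp, dir)) {
            char *sep = strstr(line + n, " - "), *m = strstr(line + n, " master:");
            slave = m && sep && m < sep;
        }
    if (f) fclose(f);
    return slave;
}

/* Grandchild: nested user+mount namespace, hence less privileged than the one that made `locked`. */
static int observe_in_nested_ns(const char *locked, const char *own, int up, int down) {
    const unsigned long keep = MS_NOSUID | MS_NODEV | MS_NOEXEC;
    int obs = 0; char c;
    if (enter_userns_as_root() < 0) return OBS_UNAVAILABLE;
    if (is_slave_mount(locked)) obs |= OBS_BECAME_SLAVE;
    if (mount(NULL, locked, NULL, MS_REMOUNT | MS_BIND | (keep & ~MS_NOSUID), NULL) < 0 && errno == EPERM)
        obs |= OBS_CLEAR_NOSUID_DENIED;
    if (mount(NULL, locked, NULL, MS_REMOUNT | MS_BIND | keep, NULL) == 0) obs |= OBS_KEEP_NOSUID_ALLOWED;
    if (umount2(locked, 0) < 0 && errno == EINVAL) obs |= OBS_UMOUNT_DENIED;
    /* Make `own` a mount point in this namespace only, tell the parent, wait while it tries rmdir(2). */
    c = mount("mntlock2", own, "tmpfs", 0, "size=64k") == 0 ? 'x' : 'n';
    if (write(up, &c, 1) == 1) (void)!read(down, &c, 1);
    return obs;
}

/* Child: first new user+mount namespace. Builds the fixture, drives the grandchild, cleans up. */
static int run_outer(void) {
    char locked[] = "/tmp/mntlock.XXXXXX", own[] = "/tmp/mntlock.XXXXXX", c = 0;
    int up[2], down[2], status, obs = OBS_UNAVAILABLE;
    pid_t pid = -1;
    if (enter_userns_as_root() < 0 || !mkdtemp(locked)) return OBS_UNAVAILABLE;
    /* Constructed fixture: a shared tmpfs carrying the flags the thread says become locked. */
    if (mkdtemp(own) && pipe(up) == 0 && pipe(down) == 0 &&
        mount("mntlock", locked, "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC, "size=64k") == 0) {
        mount(NULL, locked, NULL, MS_SHARED, NULL);
        if ((pid = fork()) == 0) { close(up[0]); close(down[1]); _exit(observe_in_nested_ns(locked, own, up[1], down[0])); }
        close(up[1]); close(down[0]); obs = pid > 0 ? 0 : OBS_UNAVAILABLE;
        if (pid > 0 && read(up[0], &c, 1) == 1 && c == 'x' && rmdir(own) == 0) obs |= OBS_FOREIGN_RMDIR_OK;
        close(down[1]);                              /* releases the grandchild */
        if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status)) obs |= WEXITSTATUS(status);
        else obs = OBS_UNAVAILABLE;
        umount2(locked, MNT_DETACH);                 /* our own mount here: not locked, so this works */
    }
    rmdir(own); rmdir(locked);
    return obs;
}

int demo_mount_locking(void) {   /* runs in a forked child so the caller's namespaces stay untouched */
    int status; pid_t pid;
    if ((pid = fork()) < 0) return OBS_UNAVAILABLE;
    if (pid == 0) _exit(run_outer());
    return (waitpid(pid, &status, 0) == pid && WIFEXITED(status)) ? WEXITSTATUS(status) : OBS_UNAVAILABLE;
}

int main(void) {
    static const char *names[] = { "drop nosuid on inherited mount denied (EPERM)", "remount keeping locked flags ok",
                                   "shared mount arrived as slave", "umount of inherited mount denied (EINVAL)",
                                   "parent ns could rmdir child-only mount point" };
    int obs = demo_mount_locking();
    if (obs == OBS_UNAVAILABLE) return puts("unprivileged user namespaces or mounts not permitted here"), 0;
    for (int i = 0; i < 5; i++) printf("%-48s %s\n", names[i], obs & (1 << i) ? "yes" : "no");
    return 0;
}
```

Build with `gcc -O2 -o mntlock_demo mntlock_demo.c` and run as an ordinary user. The fixture tmpfs is created one namespace level up from the process that probes it, because the locks only apply to mounts that were copied into a mount namespace owned by a different user namespace; mounting and remounting inside the same namespace would succeed and show nothing. All namespace work happens in forked children, so the caller's shell is never left inside the new namespaces, and the last observation (rmdir of a child-only mount point from the parent namespace) is the 3.18 change the thread mentions, where an older kernel would return EBUSY and the bit stays clear.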