From mboxrd@z Thu Jan 1 00:00:00 1970 From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) Subject: Re: [PATCH] user_ns: Add support for unprivileged remount Date: Thu, 13 Sep 2012 14:26:36 -0700 Message-ID: <87fw6lfwc3.fsf@xmission.com> References: <50519CB2.7040801@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <50519CB2.7040801-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> (Zhao Hongjiang's message of "Thu, 13 Sep 2012 16:43:30 +0800") List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Zhao Hongjiang Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org List-Id: containers.vger.kernel.org Zhao Hongjiang writes: > From: Zhao Hongjiang > > Relax the permission checks to allow unprivileged users that have > CAP_SYS_ADMIN permissions in the user namespace referred to by the > current mount namespace to be allowed to remount filesystems. Remount in general make filesystem configuration changes not mount level changes. In general remount is not safe for unprivielged users. Do you have a use case where you need to remount a filesystem? Eric