Arun Chandran: > No with 'sudo mount ..' the .wh.* files are created with label of the > user test not with the label of root. > [This is because objects gets label of the process; label of user test > is "k1"; sudo is not changing label]
I see. It may be a very basic building block of security label NOT to use the effective uid. Back in our simple tests, cd layer1/ > .wh..wh.aufs ln .wh..wh.aufs .wh.0.txt - by a normal user, .wh..wh.aufs will have access="k1". - sudo by a normal user, it will be access="k1" too. - by a plain superuser, it will be access="_". right? And "sudo mount" sets access="k1" to .wh..wh.aufs. Good. It must be the way to go, isn't it? J. R. Okajima ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi