Am 19.11.2015 um 08:47 schrieb James Morris: > On Wed, 18 Nov 2015, Richard Weinberger wrote: > >> On Wed, Nov 18, 2015 at 4:13 PM, Al Viro <v...@zeniv.linux.org.uk> wrote: >>> On Wed, Nov 18, 2015 at 09:05:12AM -0600, Seth Forshee wrote: >>> >>>> Yes, the host admin. I'm not talking about trusting the admin inside the >>>> container at all. >>> >>> Then why not have the same host admin just plain mount it when setting the >>> container up and be done with that? From the host namespace, before >>> spawning >>> the docker instance or whatever framework you are using. IDGI... >> >> Because hosting companies sell containers as "full virtual machines" >> and customers expect to be able mount stuff like disk images they upload. > > I don't think this is a valid reason for merging functionality into the > kernel.
Erm, I don't want this in the kernel. That's why I've proposed the lklfuse approach. Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
