Quoting Tetsuo Handa ([EMAIL PROTECTED]):
> Hello.
>
> Serge E. Hallyn wrote:
> > > Does a process get different mount trees by just calling clone() or
> > > unshare()?
> > > My understanding is that clone() or unshare() disables propergation of
> > > mount tree changes when somebody calls mount(
--- [EMAIL PROTECTED] wrote:
> I'm pretty sure that most of the security community agrees on what "correct"
> means - the disagreement is in the most cost-effective way to *create* one.
Struth. (I'm practicing my Australian, it's gotten rusty)
I say that the the only rational way to create a po
Hello.
Serge E. Hallyn wrote:
> > Does a process get different mount trees by just calling clone() or
> > unshare()?
> > My understanding is that clone() or unshare() disables propergation of
> > mount tree changes when somebody calls mount() or umount() or pivot_root().
>
> Yes, with further pr
Quoting Tetsuo Handa ([EMAIL PROTECTED]):
> Hello.
>
> Serge E. Hallyn wrote:
> > > > > * namespace manipulation. (i.e. mount()/umount()/pivot_root())
> > > >
> > > > do you track mounts namespace cloning?
> > > >
> > > Yes. TOMOYO can recognize mount operation with the following flags.
> > >