Date: Mon, 13 Jul 2009 18:22:23 -0500
From: Eric Van Hensbergen
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] v9fs question

On Mon, Jul 13, 2009 at 6:16 PM, ron minnich wrote:
> On Mon, Jul 13, 2009 at 3:18 PM, J.R. Mauro wrote:
>
>> We hope to. One of the reasons it would actually be unwise to let
>> anyone mount anything now is that no one uses per-process namespaces.
>> That's probably fine on your desktop, but not on a server where 20
>> people try to mount something under /mnt/foo or whatnot.
>
> Could we solve this by making private mounts the default (or only
> allowed) behavior?
>
> That's how I did it long ago: it took real effort to make a mount non-private.
>

Not sure how easy or difficult this would be inside the kernel -- the central problem last time I looked at it was it was difficult to unshare namespace after the fork. Of course you could check to make sure you were not in the global namespace and error -- that should be easy enough.

-eric