diff options
author | J. Bruce Fields <bfields@redhat.com> | 2016-05-03 15:16:02 -0400 |
---|---|---|
committer | Anna Schumaker <Anna.Schumaker@Netapp.com> | 2016-05-09 09:05:40 -0400 |
commit | 7e3fcf61abde92a895533b1c6932ad17e073a49c (patch) | |
tree | 271dfb0c8d63d67a024d50e9c2db21c31bd649ac /Documentation | |
parent | 11476e9dec39d90fe1e9bf12abc6f3efe35a073d (diff) |
nfs: don't share mounts between network namespaces
There's no guarantee that an IP address in a different network namespace
actually represents the same endpoint.
Also, if we allow unprivileged nfs mounts some day then this might allow
an unprivileged user in another network namespace to misdirect somebody
else's nfs mounts.
If sharing between containers is really what's wanted then that could
still be arranged explicitly, for example with bind mounts.
Reported-by: "Eric W. Biederman" <ebiederm@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions