10 Sep
2013
10 Sep
'13
9:23 a.m.
On 09/10/2013 04:11 PM, Daniel P. Berrange wrote:
Using SELinux, or dropping certain capabilities will prevent that, so this is still useful protection even if unconfined root can get around it. In addition Eric Biederman has a change to allow the mount state to be locked & prevent this approach.
Ok, thanks for your information. I need to take a look at it.