UML for mount namespaces
I just noticed that User Mode Linux creates a separate namespace for filesystems. E.g., you can mount tmpfs on some directory as root, under UML running as a limited user; you'll only be able to manipulate the tmpfs from UML.
Can the same be done for actual block devices using UML, not just virtual filesystems? Or would that be impossible without ruining user security? It would be really nice to have users able to securely mount stuff, without setuid executables or privileged services.