On 9/6/21 11:34 AM, Giuseppe Scrivano wrote:
> exactly. root can create mounts directly in the current mount namespace
> so it doesn't need to create a new one owned by a different user namespace.
Ok, I see this now. Forgot the part that regular users can't create new
mount points. I was mainly concentrating on the "isolation" aspect of a
new mount namespace.
Wouldn't a new mount namespace for rootful containers provide extra
isolation?
Thanks, Giuseppe.