[PATCH 04/43] separate copying and locking mount tree on cross-userns copies

David Howells dhowells at redhat.com
Tue Feb 26 15:44:18 UTC 2019

Alan Jenkins <alan.christopher.jenkins at gmail.com> wrote:

> I can see that this covers copy_mnt_ns().  It should also cover what will
> happen in future, if you pass an OPEN_TREE_CLONE fd to a process with a
> different mnt_ns and mnt_ns->user_ns, and that process mounts the fd using
> move_mount().  However, I can't work out how this covers mount propagation
> across namespaces.
> The comment "Notice when we are propagating across user namespaces" is moved
> to attach_recursive_mnt().  I can't find any call to attach_recursive_mount()
> inside the mount propagation code.  Am I overlooking something?

You've spelt the function name two different ways?

Further, attach_recursive_mnt() calls propagation, not the other way round.

David (& Al)
