[PATCH 04/43] separate copying and locking mount tree on cross-userns copies

Alan Jenkins alan.christopher.jenkins at gmail.com
Tue Feb 26 17:45:44 UTC 2019

On 26/02/2019 15:44, David Howells wrote:
> Alan Jenkins <alan.christopher.jenkins at gmail.com> wrote:
>> I can see that this covers copy_mnt_ns().  It should also cover what will
>> happen in future, if you pass an OPEN_TREE_CLONE fd to a process with a
>> different mnt_ns and mnt_ns->user_ns, and that process mounts the fd using
>> move_mount().  However, I can't work out how this covers mount propagation
>> across namespaces.
>> The comment "Notice when we are propagating across user namespaces" is moved
>> to attach_recursive_mnt().  I can't find any call to attach_recursive_mount()
>> inside the mount propagation code.  Am I overlooking something?
> You've spelt the function name two different ways?
> Further, attach_recursive_mnt() calls propagation, not the other way round.
> David (& Al)


I have a (positive) comment on the new mount API, that I was holding 
back due to my confusion here.  I will send it now.


More information about the Linux-security-module-archive mailing list