[PATCH 04/43] separate copying and locking mount tree on cross-userns copies
alan.christopher.jenkins at gmail.com
Tue Feb 26 17:45:44 UTC 2019
On 26/02/2019 15:44, David Howells wrote:
> Alan Jenkins <alan.christopher.jenkins at gmail.com> wrote:
>> I can see that this covers copy_mnt_ns(). It should also cover what will
>> happen in future, if you pass an OPEN_TREE_CLONE fd to a process with a
>> different mnt_ns and mnt_ns->user_ns, and that process mounts the fd using
>> move_mount(). However, I can't work out how this covers mount propagation
>> across namespaces.
>> The comment "Notice when we are propagating across user namespaces" is moved
>> to attach_recursive_mnt(). I can't find any call to attach_recursive_mount()
>> inside the mount propagation code. Am I overlooking something?
> You've spelt the function name two different ways?
> Further, attach_recursive_mnt() calls propagation, not the other way round.
> David (& Al)
I have a (positive) comment on the new mount API, that I was holding
back due to my confusion here. I will send it now.
More information about the Linux-security-module-archive