On Fri, Jul 13, 2018 at 8:40 AM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
>> > Whilst I'm at it, do we want the option of doing the equivalent of
>> > mountat()? I.e. offering the option to open all the device files used by
>> > a superblock with dfd and AT_* flags in combination with the filename?
>> >
>>
>> Isn't that more or less what I was suggesting?
>
> Yes, you suggested that. I'm asking if we actually need that.
>

Suppose some program in a container chroots itself and then tries to create an fscontext backed by "/path/to/blockdev". The syscall gets intercepted by a container manager. That manager now has a somewhat awkward time of mounting the same fs, although it could use "/proc/PID/root/path/to/blockdev", I suppose. Even that approach has some potentially awkward permission issues.

I would defer to the people who actually write software like this, but I can imagine fds being considerably easier to work with.
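The two routes compared in the message above, as an added example that is not code from the thread or from the kernel: re-resolving the target's path string through /proc/PID/root versus resolving a name against a directory fd with openat(). The function names are hypothetical, a temporary file stands in for "/path/to/blockdev", and one process plays both the contained program and the manager.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path route: the manager rewrites the target's path string through
 * /proc/PID/root, which requires permission to traverse that link. */
int open_via_proc_root(pid_t pid, const char *abs_path)
{
    char buf[4096];
    int n = snprintf(buf, sizeof buf, "/proc/%d/root%s", (int)pid, abs_path);
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;
    return open(buf, O_RDONLY | O_CLOEXEC);
}

/* fd route: resolve a name against an open directory fd, so neither
 * side's root or cwd takes part in the lookup. */
int open_via_dirfd(int dfd, const char *name)
{
    return openat(dfd, name, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
}

/* Returns 1 if both fds refer to the same inode, 0 if not, -1 on error. */
int same_object(int a, int b)
{
    struct stat sa, sb;
    if (fstat(a, &sa) != 0 || fstat(b, &sb) != 0)
        return -1;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Constructed demo: returns same_object() for the two routes. */
int demo(void)
{
    char dir[] = "/tmp/fsctx-demo-XXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/blockdev", dir);
    int fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC, 0600);
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int a = open_via_proc_root(getpid(), path);
    int b = open_via_dirfd(dfd, "blockdev");
    int r = (dfd < 0 || a < 0 || b < 0) ? -1 : same_object(a, b);
    close(a); close(b); close(dfd); /* close(-1) only fails with EBADF */
    unlink(path); rmdir(dir);
    return r;
}
int main(void) { printf("same object: %d\n", demo()); return 0; }
```

With a real second process, the path route additionally depends on the manager being allowed to traverse /proc/PID/root, while a passed fd carries the already-resolved object.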