On Mon, Oct 8, 2018 at 11:53 PM Aleksa Sarai <cyphar@xxxxxxxxxx> wrote:
> * AT_NO_PROCLINK: Disallows ->get_link "symlink" jumping. This is a very
>   specific restriction, and it exists because /proc/$pid/fd/...
>   "symlinks" allow for access outside nd->root and pose risk to
>   container runtimes that don't want to be tricked into accessing a host
>   path (but do want to allow no-funny-business symlink resolution).

Can you elaborate on the use case? If I set up a container namespace and
walk it for real (through the outside /proc/PID/root or otherwise starting
from an fd that points into that namespace), and I walk through that
namespace's /proc, I'm going to see the same thing that the processes in
the namespace would see. So what's the issue?

Similarly, if I somehow manage to walk into the outside /proc, then I've
pretty much lost regardless of the links.

--Andy
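As an added example, not code from this thread or from the patch series under discussion: a user-space check that a container runtime could run on each component of a path before opening it, refusing to follow any symlink that lives on procfs. It is a conservative approximation of the kernel-side AT_NO_PROCLINK restriction quoted above: the kernel's notion of a jumping "magic link" covers /proc/$pid/fd/*, root, cwd, exe and ns/*, whereas this check also refuses plain textual procfs symlinks such as /proc/self. The names is_magic_link() and first_magic_component() are this example's own; it only handles absolute paths and requires /proc to be mounted.

```c
/* Added example: classify path components so that a runtime walking a
 * path never follows a procfs symlink, whose target is computed by the
 * kernel and is not confined to any root. Not code from the thread. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <linux/magic.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/vfs.h>
#include <unistd.h>

/* Look at `path` without following its final component.
 *   0  not a symlink, or an ordinary (non-procfs) symlink
 *   1  symlink that lives on procfs: treated as a magic link and refused
 *  -1  error (errno set), e.g. the path does not exist
 * O_PATH|O_NOFOLLOW yields a descriptor for the link itself, and both
 * fstat() and fstatfs() are permitted on O_PATH descriptors. */
int is_magic_link(const char *path)
{
    int fd = open(path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    struct statfs fs;
    int rc = 0;
    if (fstat(fd, &st) < 0 || fstatfs(fd, &fs) < 0)
        rc = -1;
    else if (S_ISLNK(st.st_mode) && fs.f_type == PROC_SUPER_MAGIC)
        rc = 1;
    close(fd);
    return rc;
}

/* Walk the prefixes of an absolute path and return the 0-based index of
 * the first component that is a procfs symlink, -1 if there is none, or
 * -2 on error (relative path, overlong path, or a prefix that cannot be
 * opened). A runtime would refuse the open when this returns >= 0. */
int first_magic_component(const char *path)
{
    char buf[PATH_MAX];
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof buf || path[0] != '/')
        return -2;
    memcpy(buf, path, len + 1);

    int idx = 0;
    for (size_t i = 1; i <= len; i++) {
        if (buf[i] != '/' && buf[i] != '\0')
            continue;
        if (buf[i - 1] == '/')          /* skip empty components ("//") */
            continue;
        char saved = buf[i];
        buf[i] = '\0';                  /* temporarily terminate the prefix */
        int rc = is_magic_link(buf);
        buf[i] = saved;
        if (rc < 0)
            return -2;
        if (rc == 1)
            return idx;
        idx++;
    }
    return -1;
}

int main(int argc, char **argv)
{
    /* Constructed sample paths; any arguments given override them. */
    const char *defaults[] = { "/usr", "/proc/self/exe", "/proc/self/fd/0" };
    int n = argc > 1 ? argc - 1 : 3;
    for (int i = 0; i < n; i++) {
        const char *p = argc > 1 ? argv[i + 1] : defaults[i];
        printf("%-18s first procfs symlink at component %d\n",
               p, first_magic_component(p));
    }
    return 0;
}
```

Run it with no arguments to see that /proc/self/exe is refused at component 1 (the /proc/self link) while /usr is accepted; the check deliberately errs on the side of refusing, which matches the quoted goal of allowing ordinary symlink resolution while never being jumped across nd->root by a procfs link.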