On Thu, 2007-07-26 at 18:54 +0400, Pavel Emelyanov wrote: > > + if (flags & MS_KERNMOUNT) > + ns = (struct pid_namespace *)data; > + else > + ns = current->nsproxy->pid_ns; So, a current /proc mount doesn't use the data pointer at all? Instead of having a brand spanking new mount flag that only one FS uses, how about creating a new fs_type for the internal proc mounts? We could have proc_fs_type and proc_fs_kernel_type each with a quick stub ->get_sb function to find the correct pid_ns and pass it into the real proc_get_sb(). But, the basic problem still boils down to the fact that we don't want random people mounting random pid_ns's /procs. If we set up rules for that, like that you can mount childrens' /proc but not parents', I think this might just fall out and work. -- Dave _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
