"Serge E. Hallyn" <serue@xxxxxxxxxx> writes:

> Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
>> Daniel Lezcano <daniel.lezcano@xxxxxxx> writes:
>> I guess my meaning is I was expecting.
>> child = fork();
>> if (child == 0) {
>>     execve(...);
>> }
>> waitpid(child);
>>
>> This puts /bin/sh in the container as well.
>>
>> I'm not certain about the /proc/self thing I have never encountered that.
>> But I guess if your pid is outside of the pid namespace of that instance
>> of proc /proc/self will be a broken symlink.
>>
>> Eric
>
> Hmm, worse than a broken symlink, will it be a wrong symlink if just
> the right pid is created in the container?

It won't happen. readlink and followlink are both based on
task_tgid_nr_ns(current, ns_of_proc). Which fails if your
process is not known in that pid namespace.

Eric
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
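
The check described in the reply above, as a user-space model added here for illustration (not kernel code and not part of the thread): a task carries one id per pid namespace it is visible in, and a /proc/self lookup through a procfs belonging to a namespace that cannot see the caller fails instead of resolving to a colliding pid. The names model_tgid_nr_ns and model_proc_self_readlink, the struct layouts and the pid values are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_LEVEL 4

/* Model only: a pid namespace knows its nesting depth (0 = initial ns). */
struct pid_ns { int level; };
/* One id per namespace the task is visible in, indexed by level. */
struct upid { int nr; const struct pid_ns *ns; };
struct task {
    int level;                       /* depth of the task's own namespace */
    struct upid numbers[MAX_LEVEL];  /* numbers[0..level] are valid */
};

/* Return the task's id as seen from ns, or 0 if ns cannot see the task. */
static int model_tgid_nr_ns(const struct task *t, const struct pid_ns *ns)
{
    if (ns->level <= t->level && t->numbers[ns->level].ns == ns)
        return t->numbers[ns->level].nr;
    return 0;
}

/* Model of readlink on /proc/self for a procfs that belongs to proc_ns.
 * Writes the link target and returns 0, or returns -1 when lookup fails. */
static int model_proc_self_readlink(const struct task *current,
        const struct pid_ns *proc_ns, char *buf, size_t len)
{
    int tgid = model_tgid_nr_ns(current, proc_ns);
    if (tgid == 0)
        return -1;  /* caller unknown in that namespace: no link at all */
    snprintf(buf, len, "%d", tgid);
    return 0;
}

static const struct pid_ns init_ns = { 0 }, container_ns = { 1 };
/* Constructed tasks: the host shell is pid 5 on the host only; the
 * container task is pid 1234 on the host and pid 5 inside the container. */
static const struct task host_sh = { 0, { { 5, &init_ns } } };
static const struct task ct_task = { 1, { { 1234, &init_ns }, { 5, &container_ns } } };
static char linkbuf[16];

int main(void)
{
    int rc = model_proc_self_readlink(&host_sh, &container_ns, linkbuf, sizeof linkbuf);
    printf("host sh via container /proc/self: %s\n", rc ? "fails" : linkbuf);
    rc = model_proc_self_readlink(&ct_task, &container_ns, linkbuf, sizeof linkbuf);
    printf("container task via container /proc/self: %s\n", rc ? "fails" : linkbuf);
    return 0;
}
```

The host shell shares the numeric value 5 with a task inside the container, yet the lookup is keyed on the caller's own id in the procfs namespace, so it fails rather than pointing at the other task's directory.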