On 08/24/2011 09:36 PM, Andi Kleen wrote: > Pavel Emelyanov <xemul@xxxxxxxxxxxxx> writes: >> >> No and this is the trick - when you readlink it - it give you trash, but >> when you open one - you get exactly the same file as the map points to. > > Isn't that a minor security hole? > > For example if I pass a file descriptor into a chroot process for > reading, and with this interface you can open it for writing too. > I could see this causing problems. How does it differ from the /proc/pid/fd links? > -Andi > _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
