On Thu, Aug 25, 2011 at 10:42:44AM +0400, Pavel Emelyanov wrote: > On 08/24/2011 09:36 PM, Andi Kleen wrote: > > Pavel Emelyanov <xemul@xxxxxxxxxxxxx> writes: > >> > >> No and this is the trick - when you readlink it - it give you trash, but > >> when you open one - you get exactly the same file as the map points to. > > > > Isn't that a minor security hole? > > > > For example if I pass a file descriptor into a chroot process for > > reading, and with this interface you can open it for writing too. > > I could see this causing problems. > > How does it differ from the /proc/pid/fd links? Those cannot be opened I thought. -Andi -- ak@xxxxxxxxxxxxxxx -- Speaking for myself only. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
