"Serge E. Hallyn" <serge@xxxxxxxxxx> writes: > Quoting Serge E. Hallyn (serge@xxxxxxxxxx): >> Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx): >> > >> > Serge does this patch break lxc? I think all should be well but I want >> > to make certain there is not some hidden case where this fundamentaly >> > breaks some functionality. >> >> I haven't yet tried. I'll build and test a kernel today. I'm pretty >> sure all the child's mounts are done after clone, so I *think* the worst >> case will be that the unmounting of put_old after pivot_root() will >> be noisy. Will let you know. >> >> -serge > > Just tested it - works fine. Warns about all of the failed umounts. Just to confirm. Can you do a lazy umount of put_old and get rid of them? > Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> > > ( Mind you I'm not approving of the idea of hiding mounts as a security > mechanisms, but I know that neither are you :) As a security mechanism, not really. This is more about closing a theoretical hole in case someone was sloppy, and doing it before user namespaces are too widely deployed so we avoid massive user space breakage. It let's me sleep more soundly at night if I know you can't more access more with user namespaces that you can without user namespaces. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
