This patchset is an addresses two problems: 1) Not all modifications to the filesystems happen through the vfs and since the vfs can not cope with a mount point being unlinked or renamed filesystems whose modifications that do not come through the vfs are required to lie. 2) Through an oversight it is now possible for one unprivileged user to mount something on another unprivileged users dentry and make it impossible for the other user to unlink or rename that dentry. It is now technically possible to easily lift the restriction on unlinking and renaming files with mount points on them, with a corresponding reduction in complexity of the vfs semantics. After review it seems that there are no objections to this approach as long as we retain the -EBUSY semantics for rmdir, unlink, and rename of mount points in the current mount namespace. The first patch in this series now adds those local mount namespace restrictions. All of the review comments should now be addressed and folded in, and I have take a careful look and it appears what I have is now correct and complete. So I am posting this for one last round of review. Al if you want to take this through the vfs tree, point me at a branch and I will give you versions of these patches that apply cleanly there. Otherwise I will push these patches to my userns tree as soon as all of these patches pass review. Eric W. Biederman (4): vfs: Don't allow overwriting mounts in the current mount namespace vfs: Keep a list of mounts on a mount point vfs: Add a function to lazily unmount all mounts from any dentry. v3 vfs: Lazily remove mounts on unlinked files and directories. v2 fs/afs/dir.c | 3 +- fs/dcache.c | 80 ++++++++++++++++++++---------------------------- fs/fuse/dir.c | 3 +- fs/gfs2/dentry.c | 4 +-- fs/mount.h | 3 ++ fs/namei.c | 55 +++++++++++++++++++++------------ fs/namespace.c | 30 ++++++++++++++++++ fs/nfs/dir.c | 5 +-- fs/sysfs/dir.c | 9 +----- include/linux/dcache.h | 3 +- 10 files changed, 108 insertions(+), 87 deletions(-) _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers