Re: [REVIEW][PATCH 3/3] vfs: Fix a regression in mounting proc

Gao feng <gaofeng@xxxxxxxxxxxxxx> writes:

> On 11/27/2013 08:17 AM, Eric W. Biederman wrote:
>> 
>> Gao feng <gaofeng@xxxxxxxxxxxxxx> reported that commit
>> e51db73532955dc5eaba4235e62b74b460709d5b
>> userns: Better restrictions on when proc and sysfs can be mounted
>> caused a regression on mounting a new instance of proc in a mount
>> namespace created with user namespace privileges, when binfmt_misc
>> is mounted on /proc/sys/fs/binfmt_misc.
>> 
>> This is an unintended regression caused by the absolutely bogus empty
>> directory check in fs_fully_visible.  The check fs_fully_visible replaced
>> didn't even bother to attempt to verify proc was fully visible and
>> hiding proc files with any kind of mount is rare.  So for now fix
>> the userspace regression by allowing directory with nlink == 1
>> as /proc/sys/fs/binfmt_misc has.
>> 
>> I will have a better patch but it is not stable material, or
>> last minute kernel material.  So it will have to wait.
>> 
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>> ---
>>  fs/namespace.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>> 
>> diff --git a/fs/namespace.c b/fs/namespace.c
>> index ac2ce8a766e1..be32ebccdeb1 100644
>> --- a/fs/namespace.c
>> +++ b/fs/namespace.c
>> @@ -2886,7 +2886,7 @@ bool fs_fully_visible(struct file_system_type *type)
>>  			struct inode *inode = child->mnt_mountpoint->d_inode;
>>  			if (!S_ISDIR(inode->i_mode))
>>  				goto next;
>> -			if (inode->i_nlink != 2)
>> +			if (inode->i_nlink > 2)
>>  				goto next;
>>  		}
>>  		visible = true;
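
Review bot: the new `inode->i_nlink > 2` test has no comment, so the reason a link count of 1 now passes (the /proc/sys/fs/binfmt_misc case from the commit message) is not recorded next to the check in fs_fully_visible(). Please add a short comment above it saying that i_nlink is only used here as an approximation of "empty directory" and that 1 is accepted for directories like binfmt_misc. Note also that the condition lets i_nlink == 0 through to `visible = true`; if only 1 and 2 are meant to pass, write it as `i_nlink != 1 && i_nlink != 2` instead.
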
>> 
>
> As a quick fix.
>
> Acked-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
> Tested-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
>
> looking forward to your following patch. :)

I might have to be prodded.  Sometimes it looks easy and sometimes I go
ick locking craziness.  Once I am done sorting out the regressions I
plan on focusing on the mount issues between namespaces.

Eric

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers



