To all: sorry for the noise, I can't comment on this patch.

But Eric, could you please help me to understand? I am totally confused.

So, afaics, initially (even after MS_KERNMOUNT) fs_fully_visible("proc") should return false. After the normal "mount -t proc none /proc/" it becomes true.

And it is still true after, say, "mount -t ramfs none /proc/sys" because "ls -ld /proc/sys" shows ->i_nlink == 1.

However, say, "mount -t ramfs none /proc/tty/" should make fs_fully_visible() == F, because in this case ->i_nlink == 4.

Correct?

If yes, could you explain what this "!CAP_SYS_ADMIN && !fs_fully_visible" check actually tries to prevent and why?

Thanks,

Oleg.

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers