On 11/27, Eric W. Biederman wrote:
>
> ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes:
>
> > Oleg Nesterov <oleg@xxxxxxxxxx> writes:
> >>
> >> Let's ignore the implementation details. Suppose that proc was never
> >> mounted. Then "mount -t proc" should fail after CLONE_NEWUSER | NEWNS?
> >
> > Yes.
>
> Well strictly speaking it should fail after CLONE_NEWUSER | NEWNS | NEWPID.

Yes, yes, I understand, the mounter should be CAP_SYS_ADMIN in
task_active_pid_ns().

> Has this cleared up the confusion?

Yes. Thanks.

Oleg.

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers