On Fri, Nov 29, 2013 at 8:53 PM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> On 11/27, Eric W. Biederman wrote:
>>
>> ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes:
>>
>> > Oleg Nesterov <oleg@xxxxxxxxxx> writes:
>> >>
>> >> Let's ignore the implementation details. Suppose that proc was never
>> >> mounted. Then "mount -t proc" should fail after CLONE_NEWUSER | NEWNS?
>> >
>> > Yes.
>>
>> Well strictly speaking it should fail after CLONE_NEWUSER | NEWNS | NEWPID.
>
> Yes, yes, I understand, the mounter should be CAP_SYS_ADMIN in
> task_active_pid_ns().
>
>> Has this cleared up the confusion?
>
> Yes. Thanks.
>
> Oleg.

What is the state of this work?
It would be nice to see this fixed soon.
Users on 3.12 suffer already from this regression.

--
Thanks,
//richard