Al. Do you want involvement in any of these patches?
If not I will move them in the direction of linux-next and Linus. I
expect they are just interesting enough that I don't want to send them
as bug fixes during rc-late.
The feedback from the review I have recevied has been incorporated into:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-testing
While I have energy I would like to push these things and get these issues fixed.
Eric
ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes:
> After the last round of feedback I sat down and played with my fix
> for the fact that a strategically placed rename, ".." on bind mounts
> go up past the root of the bind mount.
>
> The code better handles the escaped directory returning into it's bind
> mount, and is now roughly a constant factor cost in all cases from what
> the code costs without the fix.
>
> So I think I have found a better tradeoff between fixing this bug and
> not slowing down path name lookups in the common case.
>
> These fixes are against on v4.0-rc6.
>
> For those who like to see everything in a single tree the code is at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-testing
>
> Eric W. Biederman (4):
> mnt: Track which mounts use a dentry as root.
> vfs: Test for and handle paths that are unreachable from their mnt_root
> vfs: Handle mounts whose parents are unreachable from their mountpoint
> vfs: Do not allow escaping from bind mounts.
>
> fs/dcache.c | 82 +++++++++++++++++++++++++++---
> fs/internal.h | 2 +
> fs/mount.h | 6 +++
> fs/namei.c | 57 +++++++++++++++++----
> fs/namespace.c | 135 +++++++++++++++++++++++++++++++++++++++++++++++--
> include/linux/dcache.h | 13 +++++
> include/linux/namei.h | 2 +
> 7 files changed, 277 insertions(+), 20 deletions(-)
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
