Luis Henriques <luis.henriques@xxxxxxxxxxxxx> writes:

> On Sun, May 10, 2015 at 09:23:01PM -0500, Eric W. Biederman wrote:
>>
>> On May 10, 2015 12:59:51 PM CDT, Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote:
>> >Why were these not cc'd to stable? Was this an oversight, or are they
>> >simply not needed for fixing any known bugs?
>>
>> An oversight.
>>
>> On their own they don't matter, but other patches cc'd to stable do depend on them for correct operation.
>>
>> The fact that most of these changes depend on fs_pin likely limits how far they may be backported.
>>
>> >commit cd4a40174b71acd021877341684d8bb1dc8ea4ae
>> >Author: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
>> >Date: Wed Jan 7 14:28:26 2015 -0600
>> >
>> > mnt: Fail collect_mounts when applied to unmounted mounts
>> >
>
> Thanks, I'm queuing this one for the 3.16 kernel (the 2nd commit
> doesn't seem to be applicable to this kernel).

Yes. This one isn't harmful back at 3.16. Without the changes to keep mounts bound together until mntput time it is not particularly useful.

Keeping mounts bound together until mntput time depends on the fs_pin infrastructure.

Keeping mounts bound together until mntput time is what allows fixing things so that users may not abuse umount -l or unmount on mountpoint removal (unlink/rmdir) to split mounts apart and see under existing mounts.

Usually seeing what is under existing mounts is a don't care, as it is typically just an empty directory. Sometimes things are mounted over deliberately, such as /proc/kcore and docker, in which case it becomes unfortunate if unprivileged users can get under those mounts.

I hope that puts things in perspective.

Eric
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers