Quoting Tejun Heo (tj@xxxxxxxxxx): > Hello, Serge. > > On Wed, Nov 25, 2015 at 12:01:56AM -0600, Serge E. Hallyn wrote: > > that was my goal with https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/commit/?h=cgroupns.v4&id=8eb75d2bb24df59e262f050dce567d2332adc5f3 > > (which was sent inline earlier in this thread in response to Eric) Does > > that look sufficient? > > Hmmm... but that wouldn't work with non-root and user ns. I think Are you sure? IIUC that code block is only hit when we didn't find an already-mounted subsystem. > what's necessary is ensuring that namespace scoped mount never creates > a new hierarchy but always reuses an existing one. > > Thanks. > > -- > tejun > _______________________________________________ > Containers mailing list > Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx > https://lists.linuxfoundation.org/mailman/listinfo/containers _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
