On 11/10/2018 13:14, David Howells wrote:
David Howells <dhowells@xxxxxxxxxx> wrote:
The reason that you can do this with open_tree()/move_mount() is that it
allows you to create a mount tree (OPEN_TREE_CLONE) that has no namespace
assignment, pass it through the namespace switch and then attach it inside the
child namespace. The cross-namespace checks in do_move_mount() are bypassed
because the root of the newly-cloned mount tree doesn't have one.
It's worse than that. The apparently disconnected tree given you by
open_tree(OPEN_TREE_CLONE) is still subject to modification by outside
forces. All it takes is one shared object within that tree.
So I do wonder if it's possible to form a ring, even in an upstream kernel, by
using the propagation mechanism to push through an nsfs mount into itself,
possibly with a layer of indirection (ie. having two mutually-referential
namespaces).
David
Upstream does cover the mount propagation case, by simply never
propagating mounts of mount NS files. See commit 4ce5d2b1a8fd "vfs:
Don't copy mount bind mounts of /proc/<pid>/ns/mnt between namespaces" /
https://unix.stackexchange.com/questions/473717/what-code-prevents-mount-namespace-loops-in-a-more-complex-case-involving-mount-propagation
