Alexey Gladkov <gladkov.alexey@xxxxxxxxx> writes:

> If only the dynamic part of procfs is mounted (subset=pid), then there is no
> need to check if procfs is fully visible to the user in the new user
> namespace.

A couple of things.

1) Allowing the mount should come in the last patch, so we don't have a
   bisect hazard.

2) We should document that we still require a mount of proc to match on
   atime and readonly mount attributes.

3) If we can find a way to safely not require a previous mount of proc,
   this will be much more valuable.

Eric