On Mon, Feb 21, 2022 at 10:46:26AM -0600, Eric W. Biederman wrote: > Such as breaking userspace code? Maybe. > > Currently we exempt nsfs dentries from the same namespace restriction > when cloning them. > > If I read your proposal correctly you are proposing only exempting nsfs > dentries that are internally mounted from the same namespace > restriction. > > We need to keep the ordinary case of bind mounts from one nsfs dentry to > another dentry working even after it is mounted. Sure - all of that is only checked if old_path.mnt is not already in our namespace. If you bind it in one place and then bind that to another, the usual logics will trigger.
