On Mon, Oct 30, 2023 at 6:45 AM Ian Kent <raven@xxxxxxxxxx> wrote: > Is fs/namespace.c:iterate_mounts() a problem? > > It's called from: > > 1) ./kernel/audit_tree.c:709: if (iterate_mounts(compare_root, > 2) ./kernel/audit_tree.c:839: err = iterate_mounts(tag_mount, tree, mnt); > 3) ./kernel/audit_tree.c:917: failed = iterate_mounts(tag_mount, > tree, tagged); > > > From functions 1) audit_trim_trees(), 2) audit_add_tree_rule() and > > 3) audit_tag_tree(). So that interface works like this: - collect_mounts() creates a temporary copy of a mount tree, mounts are chained on mnt_list. - iterate_mounts() is used to do some work on the temporary tree - drop_collected_mounts() frees the temporary tree These mounts are never installed in a namespace. My guess is that a private copy is used instead of the original mount tree to prevent races. Thanks, Miklos
