Miklos Szeredi <miklos@xxxxxxxxxx> writes: > There's a simple and effective way to prevent unlink(2) and rename(2) > from operating on any file or directory by simply mounting something > on it. In any mount instance in any namespace. > > Was this considered in the unprivileged mount design? The focus was on not fooling privileged applications and some of the secondary effects that really should have been thought about in more depth were like this one were overlooked. > The solution is also theoretically simple: mounts in unpriv namespaces > are marked "volatile" and are dissolved on an unlink type operation. > > Such volatile mounts would be useful in general too. Agreed. This is a problem that is a general pain with mount namespaces in general. I think the real technical hurdle is finding the mounts t in some random mount namespace. Once we can do that relatively efficiently the rest becomes simple. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
