Janne Karhunen <janne.karhunen@xxxxxxxxx> writes:

> On Sat, Nov 2, 2013 at 8:06 AM, Gao feng <gaofeng@xxxxxxxxxxxxxx> wrote:
>
>> And another question, it looks like if we don't have proc/sys fs mounted,
>> then proc/sys will fail to be mounted?
>
> I have been wondering the same. Was quite some illogical surprise that
> we have to be doing overlay mounts. This is the exact opposite from what
> anyone would expect.

Before I address the question of bugs, I will answer the question of semantics.

In weird cases like chroot jails it is desirable not to mount /sys and /proc, and if root sets that policy it would be unfortunate if user namespaces overrode the policy. It limits what an attacker can accomplish.

So yes, in the case of /proc and /sys the goal is to limit you to functionality you could have had with bind mounts.

Eric