Oleg Nesterov <oleg@xxxxxxxxxx> writes: > Just to avoid the possible confusion, let me repeat that the fix itsef > looks "obviously fine" to me, "i_nlink != 2" looks obviously wrong. > > I am not arguing with this patch, I am just trying to understand this > logic. > > On 11/27, Eric W. Biederman wrote: >> >> [... snip ...] > > Thanks a lot. > >> For the real concern about jail environments where proc and sysfs are >> not mounted at all a fs_visible check is all that is really required, > > this is what I can't understand... > > Lets ignore the implementation details. Suppose that proc was never > mounted. Then "mount -t proc" should fail after CLONE_NEWUSER | NEWNS? Yes. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
