On 11/27, Eric W. Biederman wrote:
>
> Oleg Nesterov <oleg@xxxxxxxxxx> writes:
>
> > Just to avoid the possible confusion, let me repeat that the fix itself
> > looks "obviously fine" to me, "i_nlink != 2" looks obviously wrong.
> >
> > I am not arguing with this patch, I am just trying to understand this
> > logic.
> >
> > On 11/27, Eric W. Biederman wrote:
> >>
> >> [... snip ...]
> >
> > Thanks a lot.
> >
> >> For the real concern about jail environments where proc and sysfs are
> >> not mounted at all a fs_visible check is all that is really required,
> >
> > this is what I can't understand...
> >
> > Let's ignore the implementation details. Suppose that proc was never
> > mounted. Then "mount -t proc" should fail after CLONE_NEWUSER | NEWNS?
>
> Yes.

OK, and I agree this makes sense. Just from the code inspection it wasn't
clear to me if this was intended or not. Plus nlink("/proc/sys") == 1 added
more confusion ;)

Thanks to all.

Oleg.