Hi All, I think I found a case, when MNT_LOCKED (5ff9d8a65ce8 "vfs: Lock in place mounts from more privileged users") doesn't help to hide overmounted parts from unprivileged users. The problem exists for mounts, which are not overmounted entirely. In such cases we can open a directory from a target mount, which is not overmounted. Then we do pivot_root to move all mounts in a temporary directory. At the final step we deatch all mounts from the temporary directory. After that all children mounts are umounted from the target mount and we can use our file descriptor to open files, which have been overmount before. Here is a example https://github.com/avagin/userns_vs_mntns. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
