On Tue, Oct 7, 2014 at 2:26 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote: > Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes: > >> Why should MNT_LOCKED on submounts be enforced? >> >> Is it because, if you retain a reference to the detached tree, then >> you can see under the submounts? > > Yes. MNT_DETACH is a recursive operation that detaches all of the mount > and all of it's submounts. Which means you can see under the submounts > if you have a reference to a detached mount. > >> If so, let's fix *that*. Because >> otherwise the whole model of pivot_root + detach will break. > > I am not certain what you are referring to. pivot_root doesn't > manipulate the mount tree so you can see under anything. > > What I believe is the appropriate fix is to fail umount2(...,MNT_DETACH) > if there are any referenced mount points being detached that have a > locked submount. Most of the container-using things do, roughly: Unshare userns and mountns Mount some new stuff pivot_root to the new stuff MNT_DETACH the old. That last step will almost always fail if you make this change. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
