Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes: > Can we please just get rid of this implicit nodev thing once and for all? If it > breaks some really weird /proc use case, then I think the right fix is to > stop enforcing the nodev lock for the proc fully visible check. After > all, /proc doesn't contain useful device nodes anyway. On second look I don't think that will actually cause issues in this case. I actually have a fix for the implicit nodev weirdness in my development qeueue but it requires figuring out how to add s_user_ns to superblocks. My last round of testing told me I was doing that wrong. But if the implicit nodev is actually a problem I will definitely delay this until I have that change ready to go as well. > Other than that, the code here looks okay to me on brief inspection. At a practical level I am concerned that enforcing things like noexec and nosuid from the original normal global proc might cause problems for things like sandstorm, lxc, and possibly libvirt-lxc. So I would really appreciate if people associated with those projects could test this and tell me if I break things. Other than my stupid refactor in my code for /proc/fs/nfsd that causes the kernel to oops :( Doh! Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
