Hello Mike, On 9/19/19 7:43 AM, Mike Frysinger wrote: > Threads are allowed to switch mount namespaces if the filesystem > details aren't being shared. That's the purpose of the check in > the kernel quoted by the comment: > if (fs->users != 1) > return -EINVAL; > > It's been this way since the code was originally merged in v3.8. Thanks. Patch applied. Cheers, Michael > Signed-off-by: Mike Frysinger <vapier@xxxxxxxxxx> > --- > man2/setns.2 | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/man2/setns.2 b/man2/setns.2 > index 18e80202326a..5985c099b464 100644 > --- a/man2/setns.2 > +++ b/man2/setns.2 > @@ -131,8 +131,12 @@ capabilities in its own user namespace and > .BR CAP_SYS_ADMIN > in the user namespace that owns the target mount namespace. > .IP > -A process may not be reassociated with a new mount namespace if it is > -multithreaded. > +A process can't join a new mount namespace if it is sharing > +filesystem-related attributes > +(the attributes whose sharing is controlled by the > +.BR clone (2) > +.B CLONE_FS > +flag) with another process. > .\" Above check is in fs/namespace.c:mntns_install() [3.8 source] > .IP > See > -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
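Review bot: In the added sentence of the `@@ -131,8 +131,12 @@` hunk, "with another process" leaves out the thread case that the commit message is about, so a reader who knew the old "multithreaded" wording cannot tell how the new rule relates to it. Consider "with another process or thread", or a following sentence saying that threads are affected only while they share the `CLONE_FS` attributes, which is the condition the quoted kernel check `if (fs->users != 1)` tests. The quoted check returns `-EINVAL`, and the diffstat shows this hunk is the only change, so it is also worth confirming that the ERRORS section of `setns.2` describes `EINVAL` in the same `CLONE_FS` terms rather than in terms of being multithreaded.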