Miklos Szeredi <miklos@xxxxxxxxxx> writes:

> On Sun, Jun 7, 2015 at 3:02 AM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>> A nasty corner case to be aware of (and I think this is part of what Al
>> was warning about). /proc/sys/net is different depending upon which
>> current->nsproxy->net_ns.
>
> Ah, I'm beginning to grasp what's going on there: multiple dentries
> with the same name but belonging to different namespaces,
> ->d_compare() being used to select the right one. Is that it?

Yes. The whole sysctl_is_seen magic.

I am not proud of it, and I keep thinking I should create
/proc/<pid>/sys/... making /proc/sys a symlink to /proc/<pid>/sys/ so
that case could go away. Although at this point tomoyo or apparmor
probably has rules that would make that impossible (despite no
applications actually caring). *sigh*

> Overlayfs checks for d_compare() on the root of the lower and upper
> trees, but here it is only set on a subdirectory of proc, not on every
> dentry. So overlayfs should be careful and check for
> DCACHE_OP_COMPARE | DCACHE_OP_HASH and reject going down such a
> dentry.

That sounds about right.

Eric
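The difference between the root-only check and the per-dentry check discussed in this message, as an added userspace model; it is not kernel or overlayfs code and not part of the original thread. The `toy_dentry` type, the two walk functions and the constructed proc/sys/net tree are hypothetical; only the two `DCACHE_OP_*` flag values mirror `include/linux/dcache.h`.

```c
/* Userspace model only: toy_dentry, walk_root_check_only() and
 * walk_check_each() are hypothetical names, not kernel or overlayfs code.
 * Return values: 0 = walk allowed, -1 = rejected, -2 = name not found. */
#include <stddef.h>
#include <string.h>

#define DCACHE_OP_HASH    0x00000001  /* dentry has a custom ->d_hash() */
#define DCACHE_OP_COMPARE 0x00000002  /* dentry has a custom ->d_compare() */
#define LOOKUP_OPS (DCACHE_OP_HASH | DCACHE_OP_COMPARE)

struct toy_dentry {
    const char *name;
    unsigned int d_flags;
    struct toy_dentry *child;   /* one child is enough for this walk */
};

/* Constructed tree: proc -> sys -> net; only "net" carries a compare op. */
static struct toy_dentry d_net  = { "net",  DCACHE_OP_COMPARE, NULL };
static struct toy_dentry d_sys  = { "sys",  0, &d_net };
static struct toy_dentry d_proc = { "proc", 0, &d_sys };

static struct toy_dentry *step(struct toy_dentry *d, const char *name)
{
    return (d->child && strcmp(d->child->name, name) == 0) ? d->child : NULL;
}

/* Checks the flags on the tree root only, then walks without further checks. */
int walk_root_check_only(struct toy_dentry *r, const char **path, size_t n)
{
    struct toy_dentry *d = r;
    if (d->d_flags & LOOKUP_OPS)
        return -1;
    for (size_t i = 0; i < n && d; i++)
        d = step(d, path[i]);
    return d ? 0 : -2;
}

/* Checks every dentry reached and refuses to go down a flagged one. */
int walk_check_each(struct toy_dentry *r, const char **path, size_t n)
{
    struct toy_dentry *d = r;
    for (size_t i = 0; i < n && d && !(d->d_flags & LOOKUP_OPS); i++)
        d = step(d, path[i]);
    if (!d)
        return -2;
    return (d->d_flags & LOOKUP_OPS) ? -1 : 0;
}
```

With the constructed tree, the root-only check lets a walk to sys/net through, while the per-dentry check rejects it and still allows sys.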