> On Jun 6, 2019, at 3:38 PM, David Howells <dhowells@xxxxxxxxxx> wrote: > > Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > >> I mean: are there cases where some action generates a notification but does >> not otherwise have an effect visible to the users who can receive the >> notification. It looks like the answer is probably “no”, which is good. > > mount_notify(). You can get a notification that someone altered the mount > topology (eg. by mounting something). A process receiving a notification > could then use fsinfo(), say, to reread the mount topology tree, find out > where the new mount is and wander over there to have a look - assuming they > have the permissions for pathwalk to succeed. > > They can call fsinfo() anyway, or just read /proc/self/mounts. As far as I’m concerned, if you have CAP_SYS_ADMIN over a mount namespace and LSM policy lets you mount things, the of course you can get information to basically anyone who can use that mount namespace.
