[ trimmed CC list ] On Thu, Oct 01, 2015 at 11:15:47AM -0500, Eric W. Biederman wrote: > > With a strategically placed rename bind mounts can be tricked into > giving processes access to the entire filesystem instead of just a piece > of it. This misfeature has existed since bind mounts were introduced > into the kernel. This issue has been fixed in Linus's tree and below > are my tested backports of the fixes to 4.2.1, 4.1.8, 3.18.21, 3.14.53, > 3.12.48, 3.10.89, 3.4.109, 3.2.71, 2.6.32.68. All of the kernels > currently listed as being active. (...) queued for 2.6.32, much appreciated, thanks Eric! Willy -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html