From: Jamie Lokier <jamie@shareable.org>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: linuxram@us.ibm.com, viro@parcelfarce.linux.theplanet.co.uk,
akpm@osdl.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] namespace.c: fix bind mount from foreign namespace
Date: Mon, 16 May 2005 12:26:48 +0100
Message-ID: <20050516112648.GB21145@mail.shareable.org>
In-Reply-To: <E1DXbD5-0007UI-00@dorka.pomaz.szeredi.hu>
Miklos Szeredi wrote:

> 1) you need not recursively bind the whole tree of the private
> namespace. In fact you can only do that by hand, since the kernel
> won't do it (!recurse || check_mnt(old_nd.mnt) in do_loopback).

That would be easy to change if it was desired though, by taking both
namespace semaphores when two namespaces are involved.

> 2) you won't see changes made in other namespace, they are still
> separate, they are just sharing some filesystems, just as after
> clone, or just as after propagation within a shared subtree.

That's true.

Let's not get confused between binding across namespaces, and
chroot/chdir into an fd supplied by a process from another namespace.

In the case of bind mount, that _won't_ see changes made in the other
namespace. The /dentry/ visible in the other namespace is simply
mounted here. The fact that it happens to come from another namespace
is irrelevant: the other namespace is not used for single dentry bind mounts.

In the case of chroot/chdir, that _will_ see changes made in the other
namespace. Effectively, that transitions into the other namespace as
a whole, which is exactly what we want in some cases (when userspace
policy determines that a per-session namespace is wanted).

> 4) in fact, the process in the originating namespace can single out a
> mount and just send a file descriptor referring to that mount
> (e.g. by binding it to a temporary directory, opening the root,
> detaching from the mountpoint, and then sending the file descriptor
> to the receiving process). This way the receiving process will see
> no other mounts in the originating namespace, and can only bind
> from that single mount.

Nice. The process in the originating namespace can also bind a small,
carefully selected tree of mounts to a tree in that temporary
directory before passing it, so the recipient can chroot/chdir into
the set of mounts and get only those explicitly authorised by the
originating process.

-- Jamie
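The recipe from point 4 above, written out as an added example (not code from this thread or from the kernel tree): the originating process bind-mounts the chosen directory onto a scratch directory, opens that directory, detaches the mount again so no path leads to it any more, and ships the descriptor over a unix socket with SCM_RIGHTS; the recipient then holds exactly that one mount and nothing else. Assumed: Linux with glibc, that the caller of export_detached_mount() has CAP_SYS_ADMIN (the fd-passing half needs no privilege), and all function names are mine.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>
/* Bind SRC onto scratch dir TMPDIR, open the root of that bind mount, then
 * detach it: the fd now pins that one mount and is the only way to reach it.
 * Needs CAP_SYS_ADMIN; returns -1 otherwise (hypothetical helper name). */
static int export_detached_mount(const char *src, const char *tmpdir)
{
    if (mount(src, tmpdir, NULL, MS_BIND, NULL) < 0)
        return -1;
    int fd = open(tmpdir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    umount2(tmpdir, MNT_DETACH);  /* path is gone; the fd keeps the mount */
    return fd;
}

/* Hand FD to the peer of a unix socket via SCM_RIGHTS; 0 on success. */
static int send_fd(int sock, int fd)
{
    char byte = 'm';
    struct iovec iov = { &byte, 1 };
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u = { { 0 } };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor sent with send_fd(); -1 if none arrived. */
static int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { &byte, 1 };
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c;
    int fd = -1;
    if (recvmsg(sock, &msg, 0) == 1 && (c = CMSG_FIRSTHDR(&msg)) &&
        c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
```

The receiving side can fchdir()/chroot() into the fd it gets back, which is why the originating process should populate the scratch tree with only the mounts it intends to authorise before exporting it.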