From mboxrd@z Thu Jan 1 00:00:00 1970 From: Oleg Nesterov Subject: Re: [REVIEW][PATCH 3/3] vfs: Fix a regression in mounting proc Date: Wed, 27 Nov 2013 17:13:00 +0100 Message-ID: <20131127161300.GA24773@redhat.com> References: <20131116164840.GA4441@mail.hallyn.com> <20131117030653.GA7670@mail.hallyn.com> <20131118031932.GA17621@mail.hallyn.com> <52899D09.5080202@cn.fujitsu.com> <20131118140830.GA22075@mail.hallyn.com> <20131118180134.GA24156@mail.hallyn.com> <87k3g5gnuv.fsf@xmission.com> <20131126181043.GA25492@mail.hallyn.com> <87siui1z1g.fsf_-_@xmission.com> <87pppmzoin.fsf_-_@xmission.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: "Serge E. Hallyn" , Gao feng , Containers , linux-fsdevel@vger.kernel.org, Aditya Kali , Andy Lutomirski To: "Eric W. Biederman" Return-path: Received: from mx1.redhat.com ([209.132.183.28]:57384 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753244Ab3K0QLz (ORCPT ); Wed, 27 Nov 2013 11:11:55 -0500 Content-Disposition: inline In-Reply-To: <87pppmzoin.fsf_-_@xmission.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: To all: sorry for noise, I can't comment this patch. But Eric, could you please help me to understand? I am totally confused. So, afaics, initially (even after MS_KERNMOUNT) fs_fully_visible("proc") should return false. After the normal "mout -t proc none /proc/" it becomes true. And it is still true after, say, "mount -t ramfs none /proc/sys" because "ls -ld /proc/sys" shows ->i_nlink == 1. However, say, "mount -t ramfs none /proc/tty/" should make fs_fully_visible() == F, because in this case ->i_nlink == 4. Correct? If yes, could you explain what this "!CAP_SYS_ADMIN && !fs_fully_visible" check actually tries to prevent and why? Thanks, Oleg.