From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ram Pai Subject: Re: [PATCH 2/18] cleanups and bug fix in do_loopback() Date: Wed, 09 Nov 2005 11:08:19 -0800 Message-ID: <1131563299.5400.392.camel@localhost> References: <1131439567.5400.221.camel@localhost> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Cc: Al Viro , torvalds@osdl.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org Return-path: To: Miklos Szeredi In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Tue, 2005-11-08 at 01:28, Miklos Szeredi wrote: > > > I see no other reason for wanting to prevent binds from detached > > > mounts or other namespaces. It has been discussed that it would be a > > > good _controlled_ way to send/receive mounts from other namespace > > > without adding any complexity. > > > > AFAICT, the ability to bind across namespaces defeats the private-ness > > property of per-process-namespaces. > > No. The privateness is guaranteed by proc_check_root(), which is > similar, but not the same as check_mnt(), and wich restrict _access_ > to other namespaces. > check_mnt() restricts operations on other namespaces if you _already_ > have access to said namespace. For example via a file descriptor sent > between two processes in different namespaces. Yes there is some contradiction of some sorts on this. private-ness means that the namespace must _not_ be accesible to processes in other namespace. But 'file descriptor sent between two processes in different namespaces' seems to break that guarantee. > > Also with ptrace() you can still access other process's namespace, so > proc_check_root() is also too strict (or ptrace() too lax). same here. RP > > Miklos