From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ftp.linux.org.uk>
Subject: Re: [AppArmor 33/41] Add d_namespace_path() to obtain namespace relative pathnames
Date: Thu, 12 Apr 2007 11:49:24 +0100
Message-ID: <20070412104924.GF4095@ftp.linux.org.uk>
References: <20070412090809.917795000@suse.de> <20070412090847.351285000@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, chrisw@sous-sol.org,
	Andreas Gruenbacher <agruen@suse.de>
To: jjohansen@suse.de
Return-path: <linux-security-module-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <20070412090847.351285000@suse.de>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

> +char *d_namespace_path(struct dentry *dentry, struct vfsmount *vfsmnt,
> +		       char *buf, int buflen)
> +{
> +	char *res;
> +	struct vfsmount *rootmnt, *nsrootmnt;
> +	struct dentry *root;
> +
> +	read_lock(&current->fs->lock);
> +	rootmnt = mntget(current->fs->rootmnt);
> +	read_unlock(&current->fs->lock);
> +	spin_lock(&vfsmount_lock);
> +	nsrootmnt = mntget(rootmnt->mnt_ns->root);

... and when somebody does umount -l on your chroot jail, you get
NULL ->mnt_ns.  Oops...