From: "Serge E. Hallyn"
Subject: Re: [REVIEW][PATCH] vfs: Lock in place mounts from more privileged users
Date: Wed, 24 Jul 2013 15:30:18 +0000
Message-ID: <20130724153018.GA17960@mail.hallyn.com>
References: <877gghruwq.fsf@xmission.com> <87li4wpi2b.fsf@xmission.com> <20130724124933.GA16517@mail.hallyn.com>
To: "Serge E. Hallyn"
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Linux Containers, "Eric W. Biederman", Andy Lutomirski

Quoting Serge E. Hallyn (serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org):
> Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> >
> > Serge does this patch break lxc? I think all should be well but I want
> > to make certain there is not some hidden case where this fundamentally
> > breaks some functionality.
>
> I haven't yet tried. I'll build and test a kernel today. I'm pretty
> sure all the child's mounts are done after clone, so I *think* the worst
> case will be that the unmounting of put_old after pivot_root() will
> be noisy. Will let you know.
>
> -serge

Just tested it - works fine. Warns about all of the failed umounts.

Acked-by: Serge Hallyn

(Mind you I'm not approving of the idea of hiding mounts as a security
mechanism, but I know that neither are you :)

thanks,
-serge