Regression wrt mounting /proc in user namespace in 3.13

Serge E. Hallyn serge at hallyn.com
Mon Nov 18 18:01:35 UTC 2013


Quoting Serge E. Hallyn (serge at hallyn.com):
> Quoting Gao feng (gaofeng at cn.fujitsu.com):
> > On 11/18/2013 11:19 AM, Serge E. Hallyn wrote:
> > > Quoting Serge E. Hallyn (serge at hallyn.com):
> > >> Low on power and no charger, but a quick test printing out if a mount is
> > >> !S_ISDIR or has nlink !=2 in fs_fully_visible() gives me:
> > >>
> > >> [   92.939650] nlink is 1 for ino 8733 (0:3)
> > >>
> > >> (that's major 0 minor 3)
> > > 
> > > Ok, so that is for binfmt_misc on /proc/sys/fs/binfmt_misc.  The
> > > underlying directory is empty, and nlink is showing up as 1.
> > >  
> > > Can we just get the nlink check changed to check for < 3 instead
> > > of ==2 ?
> > > 
> > 
> > I already reported this problem to Eric, he is working on fixing this problem.
> > 
> > nlink is not the right thing to check if a directory is null, since
> > in all filesystems, the parent dir's nlink is increased only when we
> > create a sub-dir.
> 
> This whole thing feels very brittle.  May I also point out that simply
> setting perms appears to work just fine instead of overmounting.  If I
> chmod 700 /proc/swaps, unshare my pid and mount namespaces and remount
> /proc, then /proc/swaps is 700 in the new mount.  Since our concern is
> with a new user namespace, which will be limited to world perms, this
> should suffice and allow us to skip all this nonsense.
> 
> Eric?
> 
> -serge

So yeah, I think this patch should be reverted, rather than "fixed".

-serge
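
The behaviour discussed in the quoted thread, that a directory's link count changes only when a subdirectory is created, can be observed from userspace. The C program below is an added example, not code from this thread or from the kernel's fs_fully_visible(); the helper names and the /tmp location are assumptions. It compares the proposed `nlink < 3` test with an actual scan of the directory entries.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Heuristic from the thread: call a directory empty when nlink < 3. */
static int empty_by_nlink(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return st.st_nlink < 3;
}

/* Ground truth: empty means no entries other than "." and "..". */
static int empty_by_readdir(const char *path)
{
    DIR *d = opendir(path);
    struct dirent *e;
    int empty = 1;
    if (!d)
        return -1;
    while (empty && (e = readdir(d)) != NULL)
        if (strcmp(e->d_name, ".") && strcmp(e->d_name, ".."))
            empty = 0;
    closedir(d);
    return empty;
}

/* Constructed test case: a fresh temp dir, optionally holding one regular
 * file. Returns (nlink verdict << 1) | readdir verdict, or -1 on failure. */
static int demo(int with_file)
{
    char dir[] = "/tmp/nlinkdemoXXXXXX", file[64];
    int fd = -1, r;
    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof file, "%s/f", dir);
    if (with_file && (fd = open(file, O_CREAT | O_WRONLY, 0600)) < 0) {
        rmdir(dir);
        return -1;
    }
    if (fd >= 0)
        close(fd);
    r = (empty_by_nlink(dir) << 1) | empty_by_readdir(dir);
    unlink(file);
    rmdir(dir);
    return r;
}

int main(void) { printf("empty=%d one-file=%d\n", demo(0), demo(1)); return 0; }
```

A result of 3 means both checks agree the directory is empty; 2 means the link-count test still reports "empty" while the scan finds an entry.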

