[REVIEW][PATCH 3/3] vfs: Fix a regression in mounting proc
Oleg Nesterov
oleg at redhat.com
Wed Nov 27 19:47:22 UTC 2013
Just to avoid the possible confusion, let me repeat that the fix itsef
looks "obviously fine" to me, "i_nlink != 2" looks obviously wrong.
I am not arguing with this patch, I am just trying to understand this
logic.
On 11/27, Eric W. Biederman wrote:
>
> [... snip ...]
Thanks a lot.
> For the real concern about jail environments where proc and sysfs are
> not mounted at all a fs_visible check is all that is really required,
this is what I can't understand...
Lets ignore the implementation details. Suppose that proc was never
mounted. Then "mount -t proc" should fail after CLONE_NEWUSER | NEWNS?
Oleg.
More information about the Containers
mailing list