Re: [PATCH] namespace.c: fix bind mount from foreign namespace

[Miklos Szeredi]

> > > > Bind mount from a foreign namespace results in
> > > 
> > > ... -EINVAL
> > 
> > Wrong answer.  Look again, you wrote the code, so you _should_ know ;)
> 
> I guess Al agrees that bind mount from foreign namespace must be
> disallowed.
> 
> Which means what Jamie pointed to was right. Attached the patch which
> fixes it.

You are very quick fixing things which are not broken :)

And BTW Jamie was saying, the checks should be removed, not that more
checks should be added (as your patch does).

Jamie Lokier wrote:
> I agree about the bug (and it's why I think the current->namespace
> checks in fs/namespace.c should be killed - the _only_ effect is to
> make un-removable mounts like the above, and the checks are completely
> redundant for "normal" namespace operations).

The checks are actually not redundant, but only because of locking
reasons, not because of security reasons.  So I agree with Jamie, that
in the long run it makes sense to relax those checks.

Miklos

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/