> > 1) you need not recursively bind the whole tree of the private
> > namespace. In fact you can only do that by hand, since the kernel
> > won't do it (!recurse || check_mnt(old_nd.mnt) in do_loopback).
>
> That would be easy to change if it was desired though, by taking both
> namespace semaphores when two namespaces are involved.

Yes.

The other check_mnt() calls could be removed by taking
nd.mnt->mnt_namespace->sem instead of current->namespace->sem in the
relevant functions.

It does make sense IMO, even if it won't be used very often, since
only very little extra complexity is involved.

> > 4) in fact, the process in the originating namespace can single out a
> > mount and just send a file descriptor referring to that mount
> > (e.g. by binding it to a temporary directory, opening the root,
> > detaching from the mountpoint, and then sending the file descriptor
> > to the receiving process). This way the receiving process will see
> > no other mounts in the originating namespace, and can only bind
> > from that single mount.
>
> Nice. The process in the originating namespace can also bind a small,
> carefully selected tree of mounts to a tree in that temporary
> directory before passing it, so the recipient can chroot/chdir into
> the set of mounts and get only those explicitly authorised by the
> originating process.

That won't work, since detach (umount -l) will break up the tree, and
the file descriptor will hold a reference to only one vfsmount/dentry.

Miklos