Re: [PATCH] namespace.c: fix bind mount from foreign namespace

From: Jamie Lokier
Date: Mon May 16 2005 - 19:02:10 EST

Next message: Adrian Bunk: "[2.6 patch] drivers/pnp/: possible cleanups"
Previous message: Matt Mackall: "Re: serial console"
In reply to: Ram: "Re: [PATCH] namespace.c: fix bind mount from foreign namespace"
Next in thread: Miklos Szeredi: "[PATCH] namespace.c: fix bind mount from foreign namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ram wrote:
> Under the premise that bind mounts across namespace should be allowed;
> any insight why the "founding fathers" :) allowed only bind
> and not recursive bind? What issue would that create?

Recursive bind traverses the subtree of vfsmnts rooted at the source
mount (following mnt->mnt_mounts, see copy_tree()). That requires the
source mount's namespace semaphore to be held.

> One can easily workaround that restriction by manually binding
> recursively.

Yes, if you know which mounts they are.

> I remember Miklos saying its not a security issue but a
> implementation/locking issue. That can be fixed aswell.

Yes, by taking the source namespace semaphore while traversing the
subtree. That involves taking _two_ semaphores, so they have to be
ordered to avoid deadlock (see double-locking elsewhere in the kernel).

- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "[2.6 patch] drivers/pnp/: possible cleanups"
Previous message: Matt Mackall: "Re: serial console"
In reply to: Ram: "Re: [PATCH] namespace.c: fix bind mount from foreign namespace"
Next in thread: Miklos Szeredi: "[PATCH] namespace.c: fix bind mount from foreign namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]