Modifying an existing mount namespace where user_ns != mnt_ns->user_ns

From: richard -rw- weinberger
Date: Sun Apr 28 2013 - 13:06:25 EST


If I create a process with CLONE_NEWNS|CLONE_NEWUSER set, how can I
modify the mount namespace later?

I thought I could simply run setns(/proc/<child>/ns/mnt) within my
privileged process, which resides in the initial userns, and then mount
whatever I want into the child's mount namespace.
But this fails because do_new_mount() uses current->nsproxy->mnt_ns->user_ns.

