Re: [RFC] Expose request_module via syscall

From: Andy Lutomirski
Date: Fri Sep 24 2021 - 19:04:45 EST

On 9/24/21 06:19, Christian Brauner wrote:
> On Wed, Sep 22, 2021 at 01:06:49PM -0700, Andy Lutomirski wrote:
>
> I just meant that the programs in the container can see the modules
> available on the host. Simplest thing could be bind-mounting in the
> host's module folder with suitable protection (locked read-only mount).
> But yeah, it can likely be as simple as allowing it to ask for a module
> and not bother telling it about what is available.

If the container gets to see host modules, interesting races when containers are migrated CRIU-style will result.