[CRIU] [PATCH] proc: mount proc with minimal permissions
Pavel Emelyanov
xemul at parallels.com
Fri Jun 19 02:20:22 PDT 2015
On 06/18/2015 03:30 PM, Andrey Vagin wrote:
> Eric wants to restrict permissions for proc mounts in a non-root userns
> in accordance with proc mounts in the root userns.
>
> Author: Eric W. Biederman <ebiederm at xmission.com>
> Date: Fri May 8 23:49:47 2015 -0500
>
> mnt: Modify fs_fully_visible to deal with locked ro nodev and atime
>
> Ignore an existing mount if the locked readonly, nodev or atime
> attributes are less permissive than the desired attributes
> of the new mount.
> ...
>
> Signed-off-by: Andrey Vagin <avagin at openvz.org>
Applied, thanks